During a vulnerability scan, my ColdFusion 2011 server was identified as having several Eclipse Jetty vulnerabilities (version 9.0.7.v20131107). Will CF v11 be updated to address these? Or, will I have to manually upgrade Jetty to the secured version -- and if so, how?
All suggested secured versions are:
You might just be able to use your local server's host-based firewall functionality to block connections to Jetty from remote machines. See what ports are vulnerable from your scan, then block those so that they are only accessible from localhost.
Dave Watts, Eidolon LLC
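One way to check which scan-flagged ports still need that firewall rule, as an added example that is not part of the original reply: it parses `netstat -an` output and reports listeners bound to anything other than a loopback address. The port numbers and the netstat sample are constructed placeholders, not ColdFusion's actual Jetty ports; substitute the ports from your own scan report.

```python
import ipaddress

# Constructed sample of `netstat -an` output (Windows and Linux styles mixed).
# Ports 18080/18081/18082 are placeholders, not ColdFusion's real Jetty ports.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:18080          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:18081        0.0.0.0:0              LISTENING
  TCP    [::]:18080             [::]:0                 LISTENING
tcp6       0      0 ::1:18082               :::*                    LISTEN
tcp        0      0 192.0.2.10:18082        0.0.0.0:*               LISTEN
  TCP    192.0.2.10:18081       198.51.100.7:50311     ESTABLISHED
"""


def local_endpoint(line):
    """Return (address, port) for the local side of a listening socket, else None."""
    fields = line.split()
    if not fields or not fields[-1].upper().startswith("LISTEN"):
        return None  # skip headers, UDP rows and established connections
    for field in fields:
        addr, sep, port = field.rpartition(":")
        if sep and port.isdigit():
            # The local address is the first addr:port column in both formats.
            return addr.strip("[]").split("%")[0], int(port)
    return None


def is_loopback_only(addr):
    """True only when the bind address is a loopback address (127.0.0.0/8 or ::1)."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # wildcard "*" or unparseable: treat as exposed


def exposed_listeners(netstat_text, flagged_ports):
    """List (address, port) listeners on flagged ports that are not loopback-only."""
    exposed = set()
    for line in netstat_text.splitlines():
        endpoint = local_endpoint(line)
        if endpoint and endpoint[1] in flagged_ports and not is_loopback_only(endpoint[0]):
            exposed.add(endpoint)
    return sorted(exposed)


if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE_NETSTAT, {18080, 18081, 18082}):
        print(f"port {port} listens on {addr}: reachable remotely unless firewalled")
```

A listener reported here is not necessarily reachable: it means the socket itself accepts non-local connections, so the host firewall rule is the only thing restricting it.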
Also - I forgot to mention this - CF 11 is the oldest supported version of ColdFusion, so fixes to Jetty may be slow in coming. But you could still go to the Adobe bug tracker and look there for open bugs, or create one yourself.
Dave Watts, Eidolon LLC