Highlighted

Jetty Vulnerabilities in Coldfusion 2011

New Here ,
Feb 01, 2019

Copy link to clipboard

Copied

During a vulnerability scan, my ColdFusion 2011 server was identified as having several Eclipse Jetty vulnerabilities (version 9.0.7.v20131107).  Will CF v11 be updated to address these?  Or, will I have to manually upgrade Jetty to the secured version -- and if so, how?

Views

134

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Jetty Vulnerabilities in Coldfusion 2011

New Here ,
Feb 01, 2019

Copy link to clipboard

Copied

During a vulnerability scan, my ColdFusion 2011 server was identified as having several Eclipse Jetty vulnerabilities (version 9.0.7.v20131107).  Will CF v11 be updated to address these?  Or, will I have to manually upgrade Jetty to the secured version -- and if so, how?

Views

135

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Feb 01, 2019 0
New Here ,
Feb 01, 2019

Copy link to clipboard

Copied

All suggested secured versions are:

  • 9.3.24.v20180605
  • 9.3.25.v20180904
  • 9.4.13.v20181111
  • 9.4.14.v20181114

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 01, 2019 0
Adobe Community Professional ,
Feb 02, 2019

Copy link to clipboard

Copied

You might just be able to use your local server's host-based firewall functionality to block connections to Jetty from remote machines. See what ports are vulnerable from your scan, then block those so that they are only accessible from localhost.

Dave Watts, Eidolon LLC

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 02, 2019 0
Adobe Community Professional ,
Feb 02, 2019

Copy link to clipboard

Copied

Also - I forgot to mention this - CF 11 is the oldest supported version of ColdFusion, so fixes to Jetty may be slow in coming. But you could still go to the Adobe bug tracker and look there for open bugs, or create one yourself.

Dave Watts, Eidolon LLC

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 02, 2019 0