DevTest 10.3 Eclipse Jetty Vulnerabilities

Article ID: 124906

Updated On:

Products

CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder)

Issue/Introduction

The following Jetty vulnerabilities were found by the scanner:
CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536 and CVE-2018-12538

Environment

DevTest releases 10.3 and 10.4.

Resolution

The Jetty security vulnerabilities reported in DevTest 10.3 are for Jetty version 9.3.11 (jetty-all-9.3.11.v20160721-uber.jar).
To resolve this issue, the Jetty server must be upgraded to jetty-all-9.3.24.v20180605-uber.jar. It is not possible to provide a patch to remediate these vulnerabilities, because changing the jar version breaks classes and some other existing jar versions do not support jetty-all-9.3.24.v20180605-uber.jar.
A patch on top of DevTest 10.6 is available.
Please open a support case to request the patch.
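
To confirm which hosts still carry the affected jar, the following added example (not part of the original article and not vendor tooling) inventories jetty-all jars under a directory and flags any build older than the 9.3.24 jar named above. The directory argument, function names and output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inventory jetty-all jars and flag builds older than 9.3.24.
# The check is by file name only; a renamed jar would not be recognised.
FIXED="9.3.24"   # from jetty-all-9.3.24.v20180605-uber.jar in the article

# Extract "9.3.11" from jetty-all-9.3.11.v20160721-uber.jar
jetty_version() {
  basename "$1" |
    sed -n 's/^jetty-all-\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)\..*\.jar$/\1/p'
}

# Succeed when version $1 is lower than version $2 (numeric, field by field).
version_lt() {
  _ifs=$IFS; IFS=.
  set -- $1 $2          # six fields: a1 a2 a3 b1 b2 b3
  IFS=$_ifs
  [ "$1" -ne "$4" ] && { [ "$1" -lt "$4" ]; return; }
  [ "$2" -ne "$5" ] && { [ "$2" -lt "$5" ]; return; }
  [ "$3" -lt "$6" ]
}

# Print one status line per jetty-all jar under directory $1.
scan_jetty() {
  find "$1" -type f -name 'jetty-all-*.jar' 2>/dev/null | sort |
  while IFS= read -r jar; do
    ver=$(jetty_version "$jar")
    if [ -z "$ver" ]; then
      echo "UNKNOWN $jar"
    elif version_lt "$ver" "$FIXED"; then
      echo "OUTDATED $ver $jar"
    else
      echo "OK $ver $jar"
    fi
  done
}

# Usage: sh check_jetty.sh /path/to/DevTest   (install path is site-specific)
if [ "$#" -gt 0 ]; then
  scan_jetty "$1"
fi
```

The comparison is numeric per field, so a version such as 9.10.0 is not mistaken for being older than 9.3.24.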