DevTest 10.3 Eclipse Jetty Vulnerabilities
Article ID: 124906
Updated On:
Products
CA Application Test
Service Virtualization
CA Continuous Application Insight (PathFinder)
Issue/Introduction
The following Jetty vulnerabilities were found by the scanner:
CVE20177656, CVE20177657, CVE20177658, CVE201812536 and CVE201812538
CVE20177656, CVE20177657, CVE20177658, CVE201812536 and CVE201812538
Environment
DevTest on release 10.3 and 10.4.
Resolution
The Jetty security vulnerabilities reported in DevTest 10.3 are for jetty-version-9.3.11(jetty-all-9.3.11.v20160721-uber.jar).
To resolve this issue we required to upgrade the jetty server with jetty-all-9.3.24.v20180605-uber.jar. It is not possible to provide a patch to remediate these vulnerabilities because changing the jar version breaks the classes and some other existing jars version does not support the jetty-all-9.3.24.v20180605-uber.jar.
A patch on top of DevTest 10.6 is available.
Please open a support case to request the patch.
Feedback
Powered by
