DevTest Vulnerability CVE-2016-4800

Article ID: 233020


Products

Service Virtualization

Issue/Introduction

Vulnerability CVE-2016-4800 was found in the Jetty 9.3 version used by DevTest.

Environment

Release : 10.6

Component :

Resolution

The CVE-2016-4800 vulnerability only impacts Eclipse Jetty 9.3.x before 9.3.9 on Windows. Reference: https://www.cvedetails.com/cve/CVE-2016-4800/

In DevTest, only one specific JAR is impacted by CVE-2016-4800. The DevTest portal webserver component uses "jetty-all-9.3.5.v20151012-uber.jar", located under "<DevTest_Home>\webserver\phoenix\phoenix-10.6.0\WEB-INF\lib".

Apart from this one instance, the rest of the DevTest components use Jetty 9.3.11.

To remediate this issue, replace "jetty-all-9.3.5.v20151012-uber.jar" in "<DevTest_Home>\webserver\phoenix\phoenix-10.6.0\WEB-INF\lib" with "jetty-all-9.3.11.v20160721-uber.jar", which is available in the "<DevTest_Home>\lib\shared" folder.
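
The following PowerShell script is an added example, not part of the original article or a vendor-supplied tool. It goes slightly beyond the single path above by inventorying every jetty-all uber JAR under the install, flagging those in the affected range (9.3.x before 9.3.9), and optionally performing the replacement described above. The parameter names and the default backup location are assumptions.

```powershell
# Added example, not vendor code. Parameter names and the default backup
# location are assumptions; pass your own <DevTest_Home>.
param(
    [Parameter(Mandatory = $true)][string]$DevTestHome,
    [string]$BackupDir = (Join-Path $env:TEMP 'devtest-jetty-backup'),
    [switch]$Remediate   # without this switch the script only reports
)
$ErrorActionPreference = 'Stop'

# Replacement JAR named in the article.
$fixedJar = Join-Path $DevTestHome 'lib\shared\jetty-all-9.3.11.v20160721-uber.jar'

# True for jetty-all uber JARs in the affected range: 9.3.x before 9.3.9.
function Test-AffectedJetty([string]$FileName) {
    if ($FileName -match '^jetty-all-(\d+)\.(\d+)\.(\d+)\.v\d+-uber\.jar$') {
        return ([int]$Matches[1] -eq 9 -and [int]$Matches[2] -eq 3 -and [int]$Matches[3] -lt 9)
    }
    return $false
}

# Snapshot the list first so files copied in during remediation are not rescanned.
$jars = @(Get-ChildItem -LiteralPath $DevTestHome -Recurse -File -Filter 'jetty-all-*.jar')

foreach ($jar in $jars) {
    $affected = Test-AffectedJetty $jar.Name
    [pscustomobject]@{ Affected = $affected; Path = $jar.FullName }

    if ($affected -and $Remediate) {
        if (-not (Test-Path -LiteralPath $fixedJar)) {
            throw "Replacement JAR not found: $fixedJar"
        }
        # Move the old JAR out of the lib folder so it leaves the classpath.
        # If a running portal holds the file open, Move-Item fails and the
        # script stops before copying anything.
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        Move-Item -LiteralPath $jar.FullName -Destination $BackupDir
        Copy-Item -LiteralPath $fixedJar -Destination $jar.DirectoryName
    }
}
```

Running the script again without the Remediate switch after the replacement should report no JAR with Affected set to True.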