  1. Qpid
  2. QPID-8259

[Broker-J] Upgrade Jetty to version 9.4.12.v20180830


    Details

      Description

      A number of security vulnerabilities have been reported against the version in use. See https://www.eclipse.org/jetty/documentation/9.4.x/security-reports.html

      | Date (yyyy/mm/dd) | ID | Exploitable | Severity | Affects | Fixed Version | Comment |
      |---|---|---|---|---|---|---|
      | 2018/06/25 | CVE-2018-12538 | High | High | >= 9.4.0, <= 9.4.8 | 9.4.9 | HttpSessions present specifically in the FileSystem's storage could be hijacked/accessed by an unauthorized user. |
      | 2018/06/25 | CVE-2018-12536 | High | See CWE-202 | <= 9.4.10 | 9.2.25, 9.3.24, 9.4.11 | InvalidPathException Message reveals webapp system path. |
      | 2018/06/25 | CVE-2017-7658 | See CWE-444 | See CWE-444 | <= 9.4.10 | 9.2.25, 9.3.24, 9.4.11 | Too Tolerant Parser, Double Content-Length + Transfer-Encoding + Whitespace. |
      | 2018/06/25 | CVE-2017-7657 | See CWE-444 | See CWE-444 | <= 9.4.10 | 9.2.25, 9.3.24, 9.4.11 | HTTP/1.1 Request smuggling with carefully crafted body content (Does not apply to HTTP/1.0 or HTTP/2). |
      | 2018/06/25 | CVE-2017-7656 | See CWE-444 | See CWE-444 | <= 9.4.10 | 9.2.25, 9.3.24, 9.4.11 | HTTP Request Smuggling when used with invalid request headers (for HTTP/0.9). |

            People

            • Assignee:
              orudyy Alex Rudyy
              Reporter:
              orudyy Alex Rudyy