diff options
Diffstat (limited to 'documentation/9.4.x/security-reports.html')
-rw-r--r-- | documentation/9.4.x/security-reports.html | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/documentation/9.4.x/security-reports.html b/documentation/9.4.x/security-reports.html index 246d6fe228..9d6df95c1b 100644 --- a/documentation/9.4.x/security-reports.html +++ b/documentation/9.4.x/security-reports.html @@ -17,7 +17,7 @@ <span class="website">www.webtide.com</span></a></h5><p> private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development - </p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="security-reports"></a>Jetty Security Reports</h2></div></div></div><p>The following sections provide information about Jetty security issues.</p><p>If you would like to report a security issue please follow these <a class="link" href="security-reporting.html" title="Reporting Security Issues">instructions</a>.</p><div class="table"><a name="d0e30783"></a><p class="title"><b>Table 33.1. Resolved Issues</b></p><div class="table-contents"><table class="table" summary="Resolved Issues" border="1" width="99%"><colgroup><col class="col_1"><col class="col_2"><col class="col_3"><col class="col_4"><col class="col_5"><col class="col_6"><col class="col_7"></colgroup><thead><tr><th align="left" valign="top">yyyy/mm/dd</th><th align="left" valign="top">ID</th><th align="left" valign="top">Exploitable</th><th align="left" valign="top">Severity</th><th align="left" valign="top">Affects</th><th align="left" valign="top">Fixed Version</th><th align="left" valign="top">Comment</th></tr></thead><tbody><tr><td align="left" valign="top"><p>2016/05/31</p></td><td align="left" valign="top"><p>CVE-2016-4800</p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>>= 9.3.0, < = 9.3.8</p></td><td align="left" valign="top"><p>9.3.9</p></td><td align="left" valign="top"><p><a class="link" href="http://www.ocert.org/advisories/ocert-2016-001.html" target="_top">Alias vulnerability allowing access to protected resources within a webapp on Windows.</a></p></td></tr><tr><td align="left" valign="top"><p>2015/02/24</p></td><td align="left" valign="top"><p>CVE-2015-2080</p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>>=9.2.3 <9.2.9</p></td><td align="left" valign="top"><p>9.2.9</p></td><td align="left" valign="top"><p><a class="link" href="http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html" target="_top">JetLeak exposure of past buffers during HttpParser error</a></p></td></tr><tr><td align="left" valign="top"><p>2013/11/27</p></td><td align="left" valign="top"><p><a class="link" href="http://en.securitylab.ru/lab/PT-2013-65" target="_top">PT-2013-65</a></p></td><td align="left" valign="top"><p>medium</p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>>=9.0.0 <9.0.5</p></td><td align="left" valign="top"><p>9.0.6 + </p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="security-reports"></a>Jetty Security Reports</h2></div></div></div><p>The following sections provide information about Jetty security issues.</p><p>If you would like to report a security issue please follow these <a class="link" href="security-reporting.html" title="Reporting Security Issues">instructions</a>.</p><div class="table"><a name="d0e30819"></a><p class="title"><b>Table 33.1. Resolved Issues</b></p><div class="table-contents"><table class="table" summary="Resolved Issues" border="1" width="99%"><colgroup><col class="col_1"><col class="col_2"><col class="col_3"><col class="col_4"><col class="col_5"><col class="col_6"><col class="col_7"></colgroup><thead><tr><th align="left" valign="top">yyyy/mm/dd</th><th align="left" valign="top">ID</th><th align="left" valign="top">Exploitable</th><th align="left" valign="top">Severity</th><th align="left" valign="top">Affects</th><th align="left" valign="top">Fixed Version</th><th align="left" valign="top">Comment</th></tr></thead><tbody><tr><td align="left" valign="top"><p>2016/05/31</p></td><td align="left" valign="top"><p>CVE-2016-4800</p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>>= 9.3.0, < = 9.3.8</p></td><td align="left" valign="top"><p>9.3.9</p></td><td align="left" valign="top"><p><a class="link" href="http://www.ocert.org/advisories/ocert-2016-001.html" target="_top">Alias vulnerability allowing access to protected resources within a webapp on Windows.</a></p></td></tr><tr><td align="left" valign="top"><p>2015/02/24</p></td><td align="left" valign="top"><p>CVE-2015-2080</p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>>=9.2.3 <9.2.9</p></td><td align="left" valign="top"><p>9.2.9</p></td><td align="left" valign="top"><p><a class="link" href="http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html" target="_top">JetLeak exposure of past buffers during HttpParser error</a></p></td></tr><tr><td align="left" valign="top"><p>2013/11/27</p></td><td align="left" valign="top"><p><a class="link" href="http://en.securitylab.ru/lab/PT-2013-65" target="_top">PT-2013-65</a></p></td><td align="left" valign="top"><p>medium</p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>>=9.0.0 <9.0.5</p></td><td align="left" valign="top"><p>9.0.6 <a class="link" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=418014" target="_top">418014</a></p></td><td align="left" valign="top"><p>Alias checking disabled by NTFS errors on Windows.</p></td></tr><tr><td align="left" valign="top"><p>2013/07/24</p></td><td align="left" valign="top"><p><a class="link" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=413684" target="_top">413684</a></p></td><td align="left" valign="top"><p>low</p></td><td align="left" valign="top"><p>medium</p></td><td align="left" valign="top"><p>>=7.6.9 <9.0.5</p></td><td align="left" valign="top"><p>7.6.13,8.1.13,9.0.5 <a class="link" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=413684" target="_top">413684</a></p></td><td align="left" valign="top"><p>Constraints bypassed if Unix symlink alias checker used on Windows.</p></td></tr><tr><td align="left" valign="top"><p>2011/12/29</p></td><td align="left" valign="top"><p><a class="link" href="http://www.ocert.org/advisories/ocert-2011-003.html" target="_top">CERT2011-003</a> <a class="link" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4461" target="_top">CVE-2011-4461</a></p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>medium</p></td><td align="left" valign="top"><p>All versions</p></td><td align="left" valign="top"><p>7.6.0.RCO <a class="link" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=367638" target="_top">Jetty-367638</a></p></td><td align="left" valign="top"><p>Added ContextHandler.setMaxFormKeys (intkeys) to limit the number of parameters (default 1000).</p></td></tr><tr><td align="left" valign="top"><p>2009/11/05</p></td><td align="left" valign="top"><p><a class="link" href="http://www.kb.cert.org/vuls/id/120541" target="_top">CERT2011-003</a> <a class="link" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" target="_top">CERT2011-003</a></p></td><td align="left" valign="top"><p>medium</p></td><td align="left" valign="top"><p>high</p></td><td align="left" valign="top"><p>JVM<1.6u19</p></td><td align="left" valign="top"><p>jetty-7.01.v20091125, jetty-6.1.22</p></td><td align="left" valign="top"><p>Work @@ -41,7 +41,7 @@ constraint bypass.</p></td></tr></tbody></table></div></div><br class="table-bre </script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="troubleshooting-slow-deployment.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a> </td><td width="20%" align="center"><a accesskey="u" href="troubleshooting.html"><i class="fa fa-chevron-up" aria-hidden="true"></i> Top</a></td><td width="40%" align="right"> <a accesskey="n" href="watchservice.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Troubleshooting Slow Deployment </td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></td><td width="40%" align="right" valign="top"> Java WatchService</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout"> See an error or something missing? <span class="callout"><a href="http://github.com/eclipse/jetty.project">Contribute to this documentation at - <span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2017-11-17)</i></span></div></p><script xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" type="text/javascript"> + <span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2017-11-23)</i></span></div></p><script xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-1149868-7']); _gaq.push(['_trackPageview']); |