2 Replies Latest reply on Sep 26, 2014 9:43 AM by Jay999999999999999

    Anyone familiar with Jetty DoS vulnerability as it relates to CF?


      I am trying to get approval to run CF11 in a production environment, and scans keep flagging a Jetty vulnerability -- CVE-2011-4461 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4461). It says the solution is to "upgrade Jetty to version 8.1.0.RC2 or newer."

      Can I just upgrade Jetty and keep everything together in ColdFusion? It doesn't seem like that would work or, I assume, Adobe would distribute a newer version of Jetty to begin with.

      I am not using remote start/stop but am using Solr ... so, I don't think disabling Jetty altogether is an option.

      Has anyone else run into this? Would you be willing to share your insight? Thank you.