Bug 367732

Summary: Upgrade Virgo Jetty Server to fix hashtable collision DoS vulnerability
Product: [RT] Virgo
Reporter: Glyn Normington <glyn.normington>
Component: jetty
Assignee: Chris Frost <eclipse>
Status: CLOSED FIXED
QA Contact:
Severity: normal
Priority: P3
CC: eclipse, milesg78
Version: 3.0.2.RELEASE
Target Milestone: 3.5.0.M04
Hardware: PC
OS: Mac OS X - Carbon (unsup.)
Whiteboard:
Bug Depends on: 367733
Bug Blocks:

Description Glyn Normington CLA 2012-01-03 05:00:56 EST
According to http://www.nruns.com/_downloads/advisory28122011.pdf Jetty has this vulnerability.

Comment 1 Violeta Georgieva CLA 2012-01-14 17:08:46 EST
According to http://dev.eclipse.org/mhonarc/lists/jetty-users/msg01818.html

Jetty 7.6.0.RC3 contains a fix for this.

Comment 2 Chris Frost CLA 2012-01-18 05:39:13 EST
I follow the Jetty mailing list. They plan to release 7.6 on Monday 23rd.

Comment 3 Chris Frost CLA 2012-03-21 07:37:21 EDT
To be fixed on the 3.5 line

Comment 4 Chris Frost CLA 2012-04-24 12:04:09 EDT
Upgraded version of Jetty in place along with a changed admin console. All is working well.