Bug 367732 - Upgrade Virgo Jetty Server to fix hashtable collision DoS vulnerability
Summary: Upgrade Virgo Jetty Server to fix hashtable collision DoS vulnerability
Status: CLOSED FIXED
Alias: None
Product: Virgo
Classification: RT
Component: jetty
Version: 3.0.2.RELEASE
Hardware: PC Mac OS X - Carbon (unsup.)
Importance: P3 normal
Target Milestone: 3.5.0.M04
Assignee: Chris Frost CLA
Depends on: 367733
Reported: 2012-01-03 05:00 EST by Glyn Normington CLA
Modified: 2012-04-27 05:03 EDT
Description Glyn Normington CLA 2012-01-03 05:00:56 EST
According to http://www.nruns.com/_downloads/advisory28122011.pdf Jetty has this vulnerability.
Comment 1 Violeta Georgieva CLA 2012-01-14 17:08:46 EST
According to http://dev.eclipse.org/mhonarc/lists/jetty-users/msg01818.html

Jetty 7.6.0.RC3 contains a fix for this.
Comment 2 Chris Frost CLA 2012-01-18 05:39:13 EST
I follow the Jetty mailing list. They plan to release 7.6 on Monday 23rd.
Comment 3 Chris Frost CLA 2012-03-21 07:37:21 EDT
To be fixed on the 3.5 line
Comment 4 Chris Frost CLA 2012-04-24 12:04:09 EDT
Upgraded version of Jetty in place along with a changed admin console. All is working well.