VERIFIED SOLUTION i
Is Spectrum affected by the Jetty vulnerability?
A vulnerability was exposed in Jetty web servers where bits of information can be extracted from requests including usernames, passwords, etc. The below web article describes the vulnerability:
The Jetty libraries built into Spectrum 9.3 are vulnerable to this leak. Spectrum 10.1 and 11 are not vulnerable, as the libraries used for these versions are newer than the reported vulnerable versions, thus including the patch to fix the problem.
UPDATED: April 26, 2017
Customers that are concerned with this vulnerability are urged to upgrade to versions 10.1 or 11.0. This will not be any patches released to address the issue in the older versions of Spectrum, as this vulnerability was exposed after the release of Spectrum 10.1.
Product Feature: Spectrum Server
- No Downloads