
Is Spectrum affected by the Jetty vulnerability?

Issue

A vulnerability was disclosed in the Jetty web server that allows bits of information, such as usernames and passwords, to be extracted from requests. The following article describes the vulnerability:

http://www.securityweek.com/critical-vulnerability-found-jetty-web-server 

Cause

The Jetty libraries built into Spectrum 9.3 are vulnerable to this leak. Spectrum 10.1 and 11 are not vulnerable: the libraries used in these versions are newer than the reported vulnerable versions and therefore include the patch that fixes the problem.

Resolution

UPDATED: April 26, 2017


Customers who are concerned about this vulnerability are urged to upgrade to version 10.1 or 11.0. No patches will be released to address the issue in the older versions of Spectrum, as this vulnerability was exposed after the release of Spectrum 10.1.

Environment Details

Product Feature: Spectrum Server
 
