Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 45552 - Jetty: Unspecified Denial Of Service Vulnerability, <4.2.19
Summary: Jetty: Unspecified Denial Of Service Vulnerability, <4.2.19
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/9917
Whiteboard:
Keywords: SECURITY
Depends on:
Blocks:
 
Reported: 2004-03-23 14:58 UTC by schaedpq
Modified: 2004-04-06 08:57 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
klieber: Pending-
klieber: Assigned_To+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description schaedpq 2004-03-23 14:58:38 UTC 
An unspecified denial of service vulnerability has been reported in Jetty Java HTTP Servlet Server. It is conjectured that this may be exploited remotely.

Reproducible: Didn't try
Steps to Reproduce:
1.
2.
3.




Found in bugtraq:

Jetty Unspecified Denial Of Service Vulnerability:
http://www.securityfocus.com/bid/9917/discussion/
An unspecified denial of service vulnerability has been reported in Jetty Java
HTTP Servlet Server. It is conjectured that this may be exploited remotely.

Solution:
This issue has been addressed in Jetty 4.2.19.
Comment 1 solar (RETIRED) gentoo-dev 2004-03-27 09:54:18 UTC 
current version in portage is net-www/jetty-4.2.17

Java herd please put a jetty-4.2.19 in the portage tree.
Comment 2 Chris Aniszczyk (RETIRED) gentoo-dev 2004-03-27 10:14:07 UTC 
Updated in portage. 4.2.17 is gone.
Comment 3 solar (RETIRED) gentoo-dev 2004-03-27 11:04:22 UTC 
Thanks for updatiung zx

Reopening bug and changing product so GLSA can be done.
Comment 4 Kurt Lieber (RETIRED) gentoo-dev 2004-04-06 08:57:46 UTC 
neither 4.2.17 nor 4.2.19 were/are marked stable on any arches (they're both ~masked).  As such, closing without issuing a GLSA.