Jetty Vulnerabilities in ColdFusion 11
Unable to update Jetty jars in ColdFusion 11 server.
Presently using jetty-server-9.0.7.v20131107.jar. Security scans have identified this jetty jar and a few other jetty jars to be vulnerable.
I tried to change the host setting from 0.0.0.0 to 127.0.0.1 within jetty.xml. I was thinking this may be the issue within the jetty jars that the scan is having a problem with…
After the change, the jar failed the scan again.
I’ve tried replacing jetty-server-9.0.7.v20131107.jar and its dependencies with 9.4.11.v2018xxxx, 9.4.12.v2018xxxx, 9.4.13.v2018xxxx, and 9.4.14.v2018xxxx with no luck.
When trying to update the jar and its dependencies, ColdFusion 11 Server stops working. I’m unable to reach the CF admin UI. I see errors stating “Unable to initialize Monitoring service”.
Is there no way to update the jetty jars within ColdFusion 11 without the system not working?