  1. Blazegraph (by SYSTAP)
  2. BLZG-8850

Please upgrade Jetty version to 9.2.9+ to avoid HttpParse Memory Error

    Details

      Description

      Our scan showed the blazegraph.jar held open port 9999 and was creating a vulnerability based on the Jetty HttpParse Memory error.

      Please see here for details: https://vuldb.com/?id.69235

      Could you please consider updating the blazegraph.jar with the newer versions of the Jetty jar as described (e.g., to a version greater than 9.2.8)? Thank you in advance.

        Activity

        marianomx Mariano Rodriguez Muro added a comment - - edited

        Complementing Nat's report.

        For Blazegraph 2.1.0, the following change to the main pom.xml file and re-packing fixed the issue:

        previous version -> <jetty.version>9.2.3.v20140905</jetty.version>
        change to -> <jetty.version>9.2.9.v20150224</jetty.version>

        beebs Brad Bebee added a comment -

        Thanks. Will try to get this security fix into one of the upcoming releases.

        beebs Brad Bebee added a comment -

        Upgrading to 9.2.9.v20150224.

        beebs Brad Bebee added a comment -

        Merged with clean CI in https://github.com/blazegraph/bigdata/pull/508
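
A check for the pom.xml property discussed in this ticket, as an added example that is not part of the ticket or of the Blazegraph code base: it reads `<jetty.version>` from a pom.xml and flags anything older than the 9.2.9 release requested above. The sample pom and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (9, 2, 9)  # first Jetty release the ticket asks for (9.2.9+)

# Constructed sample: a minimal pom.xml carrying the property from the comment above.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <properties>
    <jetty.version>9.2.3.v20140905</jetty.version>
  </properties>
</project>
"""

def parse_jetty_version(text):
    """Return (major, minor, micro) from a Jetty version such as 9.2.9.v20150224."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:[.\-].*)?\s*", text or "")
    if not m:
        raise ValueError(f"unrecognised Jetty version: {text!r}")
    # Compare as integers: as strings, "9.2.10" would sort below "9.2.9".
    return tuple(int(g) for g in m.groups())

def jetty_property(pom_xml):
    """Find the first <jetty.version> element, with or without the POM namespace."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "jetty.version":
            return (el.text or "").strip()
    return None

def check_pom(pom_xml):
    """Return (status, value): status is 'ok', 'outdated', 'missing' or 'unparsed'."""
    raw = jetty_property(pom_xml)
    if raw is None:
        return "missing", None
    try:
        version = parse_jetty_version(raw)
    except ValueError:
        return "unparsed", raw  # e.g. a ${...} reference that must be resolved by hand
    return ("ok" if version >= FIXED else "outdated"), raw

if __name__ == "__main__":
    print(check_pom(SAMPLE_POM))
    print(check_pom(SAMPLE_POM.replace("9.2.3.v20140905", "9.2.9.v20150224")))
```

The check covers the source tree only; a blazegraph.jar packaged before the property was changed still bundles the older Jetty until it is re-packed.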

          People

          • Assignee:
            beebs Brad Bebee
            Reporter:
            wnmills3 Nathaniel Mills