Jetty Vulnerabilities?

Discussion in 'Computer Security' started by Clementine, Jun 8, 2005.

  1. Clementine

    Clementine Guest

    Hi,
    The Jetty HTTP server is supposed to be more secure and robust than
    APACHE, Tomcat. Is there any place where I could find what attacks
    Jetty is vulnerable to and if there are any holes which would
    compromise the security of the web applications.

    Thanks.
    Clementine, Jun 8, 2005
    #1

  2. Clementine

    Unruh Guest

    "Clementine" <> writes:

    >Hi,
    >The Jetty HTTP server is supposed to be more secure and robust than
    >APACHE, Tomcat. Is there any place where I could find what attacks
    >Jetty is vulnerable to and if there are any holes which would
    >compromise the security of the web applications.


    If they knew what holes there were they would presumably be plugged.
    Certainly the known holes in apache are plugged. It is the unknown holes
    that are the problem. And you will have a hard time finding a list of the
    unknown holes.
    Unruh, Jun 8, 2005
    #2

  3. Clementine

    Winged Guest

    Clementine wrote:
    > Hi,
    > The Jetty HTTP server is supposed to be more secure and robust than
    > APACHE, Tomcat. Is there any place where I could find what attacks
    > Jetty is vulnerable to and if there are any holes which would
    > compromise the security of the web applications.
    >
    > Thanks.
    >

    http://secunia.com/product/376/

    They only show one unfixed vulnerability relating to directory
    traversal and reading of arbitrary files on the web server that has a
    partial fix in 3.0/4.0. This is considered a medium critical flaw that
    has not been patched. The vulnerability has been open since March 04.
    They don't appear to have a great record fixing the issue since it
    occurred in version 3.x and 4.0 and is in excess of a year old. That said,
    it may be they can't fix the vulnerability due to how the product operates.

    I would have to weigh the criticality and data exposure against my needs
    before I used it. I would be very careful in my considerations with
    mission critical, sensitive applications, or with private data. But
    Jetty might be ideal for an easy to use/maintain application for
    inter-office/subnet communications, for example. I would not use this for
    any server requiring medium to high security.

    Looking at the numbers it will not handle industrial strength workloads
    but for light loads it appears to be more than adequate.

    Not sure how valuable my feedback is as I have never "used" the
    product. I will remedy this as I have just downloaded the product to
    get familiar with. There may be niches Jetty might be useful for. Thanks,

    Winged
    Winged, Jun 9, 2005
    #3
  4. Clementine

    Clementine Guest

    Thanks winged!
    >I would not use this for any server requiring medium to high security.


    I tried some of the XSS attacks and SQL injections in my own network
    which uses a jetty server and I can say it does a good job of escaping
    HTML and javascript even in its error pages and takes care of other
    things which make such servers vulnerable. I'm not quite sure if this
    server is more secure than Tomcat and other servers...but looks pretty
    good.
    Clementine, Jun 9, 2005
    #4
