TBC ME 7.0.3 Eclipse Jetty DoS vulnerability problem


Kai Liu

Nov 6, 2021, 6:15:55 AM
to TopBraid Suite Users
Hi,

Our IT department reported that TBC ME 7.0.3 running on Win10 has a vulnerability problem related to the Eclipse Jetty version it uses, 9.4.35.v20201120. The corresponding bug report is here: https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128

Could you please suggest how to solve it in TBC ME 7.0.3?

Thanks.

Best regards, Kai

Holger Knublauch

Nov 6, 2021, 6:59:55 PM
to topbrai...@googlegroups.com

Hi Kai,

TBC is for single users and launches its private localhost jetty server for testing of EDG and for development of EDG customizations only. The jetty of TBC is never exposed to external users who could exploit this vulnerability. Even in the worst case, if you elect to trigger this bug yourself, all you need to do is restart TBC. If someone from the outside manages to invoke services from the TBC jetty server at localhost, then you may have many other problems than this vulnerability.

Holger
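
The reply above rests on the Jetty listener being bound to localhost only. One way to confirm that on a Windows workstation is to inspect the listening sockets owned by the TBC process; the following is an added example, not part of the original thread or of TopBraid's tooling. The `netstat -ano` sample is constructed, and PID 4242 and ports 8083 and 9090 are placeholders, not values taken from TBC.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output. PID 4242 stands in for
# the TBC Java process; the [::]:9090 line is a deliberately added
# non-loopback listener so the failure case is visible.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:8083         0.0.0.0:0              LISTENING       4242
  TCP    [::1]:8083             [::]:0                 LISTENING       4242
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::]:9090              [::]:0                 LISTENING       4242
  TCP    192.168.1.20:49712     192.0.2.10:443         ESTABLISHED     5120
"""

def split_endpoint(endpoint):
    """Split '127.0.0.1:80' or '[::1]:80' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def listeners(netstat_text, pid=None):
    """Yield (ip, port, pid, loopback_only) for each TCP listening socket."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Header, UDP and non-listening rows do not match this shape.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        owner = int(fields[4])
        if pid is not None and owner != pid:
            continue
        ip, port = split_endpoint(fields[1])
        yield ip, port, owner, ip.is_loopback

def exposed(netstat_text, pid=None):
    """Return listeners bound to a non-loopback address, i.e. reachable from
    other hosts unless a firewall blocks them."""
    return [(str(ip), port, owner)
            for ip, port, owner, local in listeners(netstat_text, pid)
            if not local]

if __name__ == "__main__":
    for ip, port, owner, local in listeners(SAMPLE, pid=4242):
        state = "loopback only" if local else "EXPOSED"
        print(f"{ip}:{port} pid={owner} {state}")
```

To use it on a real machine, pass the captured output of `netstat -ano` and the PID of the running TBC process instead of `SAMPLE`; an empty result from `exposed()` means every listener of that process is bound to loopback.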
