I can’t find a specific reference to this vulnerability in the Jetty change logs, but someone had a build of 3.7.0 running Jetty 7.5.2 - I’ve been trying to get the patch, since 7.0.2 is really old.
I have a thread about compiling openfire with Jetty 7.5.2 - Someone indicated they had a patch for this, but had not shared it. I updated the thread yesterday.