Apache Vulnerability in Openfire install

Hello -

We do routine vulnerability scans on our network and the servers we have Openfire installed on have the following vulnerability:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

Any recommendations on remediating this?

Thanks,

-Jeff

You confirmed that vulnerability was from port 9090 or 9091?

What version of Openfire are you running? What version of Jetty does it say you are using?

Correct, it is from port 9090. We are using version 3.7.1. Jetty version: jetty/7.0.2-SNAPSHOT

I can’t find a specific reference to this vulnerability in the Jetty change logs, but someone had a build of 3.7.0 running Jetty 7.5.2 - I’ve been trying to get the patch, since 7.0.2 is really old.

Any idea how one might upgrade the Jetty? I have the 7.5.2 Jetty patch.

I have a thread about compiling Openfire with Jetty 7.5.2 - someone indicated they had a patch for this, but had not shared it. I updated the thread yesterday.