Is the embedded Jetty container vulnerable to CVE-2018-1199?

Hey guys,

I know Jetty is not vulnerable to this issue reported in CVE-2018-1199 in products such as JBoss Fuse, because it doesn't return path parameters. What about Jetty in XAP? We're now moving to the latest version in our product, so I'm more concerned about the web container that comes with this latest version.

Cheers, Pedro

asked 2018-05-28 10:38:40 -0500

pedrobrigatto

1 Answer

The vulnerability issue is regarding Spring Security. In our latest release (12.3) we are using Spring Framework version 4.3.14 and Spring Security 4.2.3, and we did not encounter the problem above.

Best Regards, Inbar

answered 2018-05-29 03:31:00 -0500

inbarc


According to the XAP 12.3 release notes (https://docs.gigaspaces.com/xap/12.3/...), you are using vulnerable Spring 4.3.13. The build 12.3.0-ga-b19000, which is currently (as of 2018-06-06) available on the XAP web site, indeed contains Spring libraries 4.3.13. Could you please explain why you mention 4.3.14 in your answer above?

Alexey Serdyuk (2018-06-06 04:01:13 -0500)

Last updated: May 29 '18