Upgrading Rational Change on Jetty 8.1.3

Insufficient randomization of hash data structures makes Jetty 5.1.14 vulnerable to a denial-of-service attack. A remote attacker can use this vulnerability to consume processor resources by sending multiple specially crafted HTTP POST requests, containing conflicting hash key values, to an affected application. These requests cause the Jetty server to become unresponsive. Resolve the problem by running Rational® Change on Jetty 8.1.3.
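
The following added example (not IBM or Jetty code) shows a defensive check for the request pattern described above: it counts how many distinct POST parameter names in one request share a single hash value. It assumes that parameter names are hashed with Java's String.hashCode; the function names, the limits and the sample bodies are illustrative assumptions.

```python
from collections import Counter
from urllib.parse import parse_qsl


def java_string_hash(s):
    """Java String.hashCode(): h = 31*h + c per UTF-16 code unit, signed 32-bit."""
    data = s.encode("utf-16-be", "surrogatepass")
    h = 0
    for i in range(0, len(data), 2):
        h = (31 * h + ((data[i] << 8) | data[i + 1])) & 0xFFFFFFFF
    return h - (1 << 32) if h & 0x80000000 else h


def check_post_body(body, max_params=1000, max_same_hash=8):
    """Inspect one urlencoded POST body; both limits are assumed values."""
    # Only distinct names matter: repeated names map to one hash table key.
    names = {name for name, _ in parse_qsl(body, keep_blank_values=True)}
    buckets = Counter(java_string_hash(n) for n in names)
    worst = max(buckets.values(), default=0)
    reasons = []
    if len(names) > max_params:
        reasons.append("too many parameters")
    if worst > max_same_hash:
        reasons.append("parameter names share one hash value")
    return {"distinct_names": len(names), "largest_bucket": worst, "reasons": reasons}


# Constructed sample bodies (not captured traffic).
BENIGN = "user=alice&action=submit&id=42"
COLLIDING = "AaAa=1&AaBB=2&BBAa=3&BBBB=4"

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("colliding", COLLIDING)):
        print(label, check_post_body(body, max_same_hash=3))
```

A check like this can run in a request filter or over logged request bodies while the upgrade to Jetty 8.1.3 is pending; it does not replace the upgrade.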

Rational Change 5.3

If you are installing Rational Change 5.3, first deploy the software on Jetty 8.1.3. Then, configure Jetty to run in HTTPS/SSL mode.

Rational Change 5.3.1

If you are installing Rational Change 5.3.1, Jetty 8.1.3 is included in the installer. You are ready to configure Jetty to run in HTTPS/SSL mode.

