My Oracle Support Banner

EM 13c: Multiple Vulnerabilities Reported on the Eclipse Jetty Server Used by Enterprise Manager 13.2/13.3 Cloud Control Agent (Doc ID 2518667.1)

Last updated on MAY 31, 2020

Applies to:

Enterprise Manager Base Platform - Version 13.2.0.0.0 to 13.3.0.0.0 [Release 13c]
Information in this document applies to any platform.

Symptoms

Multiple Vulnerabilities on Eclipse Jetty Server are identified during a Security Scan on the Enterprise Manager 13.2 and 13.3 Cloud Control Management Agent.

CVE-2017-7656
CVE-2017-7657
CVE-2017-7658
CVE-2018-12536
CVE-2018-12538

The Eclipse Jetty Server version used with the EM 13c agent is 9.2.1.v20140609. Scan results recommend to upgrade the Eclipse Jetty Server to a higher version.

Brief description of Eclipse Jetty :

Eclipse Jetty is a Java HTTP (Web) server and Java Servlet container. While Web Servers are usually associated with serving documents to people, Jetty is now often used for machine to machine communications, usually within larger software frameworks. Jetty is developed as a free and open source project as part of the Eclipse Foundation. 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.