packages/jetty
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
jetty/CVE-2023-36479.patch
wk333 1880572103 Fix CVE-2023-26048,CVE-2023-26049,CVE-2023-36479,CVE-2023-40167 
(cherry picked from commit 7ce772366c60df81751882f1ecef8497c77eb78f)
2024-10-16 14:11:46 +08:00

51 lines
2.0 KiB
Diff
Raw Permalink Blame History

From: Markus Koschany <apo@debian.org>
Date: Wed, 27 Sep 2023 14:25:09 +0200
Subject: CVE-2023-36479
The org.eclipse.jetty.servlets.CGI Servlet should not be used anymore.
Upstream recommends to use Fast CGI instead.
Origin: https://github.com/eclipse/jetty.project/pull/9888
---
.../src/main/java/org/eclipse/jetty/servlets/CGI.java | 3 +++
.../test-jetty-webapp/src/main/webapp/WEB-INF/web.xml | 11 -----------
2 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CGI.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CGI.java
index 6322290..55d8f9a 100644
--- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CGI.java
+++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/CGI.java
@@ -67,7 +67,10 @@ import org.eclipse.jetty.util.log.Logger;
* <dt>ignoreExitState</dt>
* <dd>If true then do not act on a non-zero exec exit status")</dd>
* </dl>
+ *
+ * @deprecated do not use, no replacement, will be removed in a future release.
*/
+@Deprecated
public class CGI extends HttpServlet
{
private static final long serialVersionUID = -6182088932884791074L;
diff --git a/tests/test-webapps/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml b/tests/test-webapps/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml
index 507771f..978595f 100644
--- a/tests/test-webapps/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml
+++ b/tests/test-webapps/test-jetty-webapp/src/main/webapp/WEB-INF/web.xml
@@ -121,17 +121,6 @@
<url-pattern>/dispatch/*</url-pattern>
</servlet-mapping>
- <servlet>
- <servlet-name>CGI</servlet-name>
- <servlet-class>org.eclipse.jetty.servlets.CGI</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>CGI</servlet-name>
- <url-pattern>/cgi-bin/*</url-pattern>
- </servlet-mapping>
-
<servlet>
<servlet-name>Chat</servlet-name>
<servlet-class>com.acme.ChatServlet</servlet-class>
Reference in New Issue View Git Blame Copy Permalink