Insufficient randomization of hash data structures causes
Jetty 5.1.14 to be vulnerable to a denial of service. A remote attacker
can use this vulnerability to cause the consumption of processor resources.
The attacker can send multiple specially crafted HTTP POST requests
to an affected application that contains conflicting hash key values.
These requests cause the Jetty server to become unresponsive. Resolve
the problem by running Rational® Change
on Jetty 8.1.3.
Rational Change
5.3
If you are installing Rational Change
5.3, first deploy the software on Jetty 8.1.3. Then, configure Jetty
to run in HTTPS/SSL mode.
Rational Change
5.3.1
If you are installing Rational Change 5.3.1, Jetty 8.1.3 is included
in the installer. You are ready to configure Jetty to run in HTTPS/SSL
mode.