Skip Navigation

[Resolved] eclipse jetty involved with Toolset?

This support ticket is created 6 years, 7 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 9:00 – 13:00 -
- 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 -

Supporter timezone: Asia/Hong_Kong (GMT+08:00)

This topic contains 1 reply, has 2 voices.

Last updated by Luo Yang 6 years, 7 months ago.

Assisted by: Luo Yang.

Author
Posts
#789693

Hi,

My IP address was blocked today, according to my web hosting provider, due to:

"That IP was greylisted for triggering a mod_Security rule designed to protect your site from a known vulnerability CVE-2015-2080 with eclipse Jetty.

If you use this software, update it ASAP to close this hole. If you do not use eclipse Jetty, please let me know so I can disable this rule for your site."

The URL that triggered the lock was: hidden link

Is eclipse Jetty incorporated into the Toolset build? If so, perhaps there's a vulnerability to be cleared up? If not, perhaps there's something going on in the Toolset build that behaves in the same manner and triggering the lockout?

Julia

#791425

Dear Julia,

I have checked it in our to-do list, there isn't similar issue/report with the "eclipse Jetty".

I assume we are talking about layout editing page, I have searched it in the source codes of Layouts plugin, there are some CSS codes related with the keyword "eclipse":
\plugins\layouts\vendor\toolset\toolset-common\visual-editor\res\js\codemirror\theme\eclipse.css

That all from the Layouts plugin, I think you can disable this rule for your site