From 29f4a4b830023112d04a3b4f9a0795050b0b668c Mon Sep 17 00:00:00 2001
From: hieplq <hieplq@hasuvimex.vn>
Date: Tue, 23 Apr 2019 19:48:36 +0700
Subject: [PATCH] Jetty vulnerability

https://webtide.com/indexing-listing-vulnerability-in-jetty/

https://www.eclipse.org/lists/jetty-dev/msg03298.html
---
 org.adempiere.server/WEB-INF/web.xml      | 8 ++++++++
 org.adempiere.ui.zk/WEB-INF/web.xml       | 8 ++++++++
 org.idempiere.webservices/WEB-INF/web.xml | 9 ++++++++-
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/org.adempiere.server/WEB-INF/web.xml b/org.adempiere.server/WEB-INF/web.xml
index 5ced24fb3b..4e0ea919e4 100644
--- a/org.adempiere.server/WEB-INF/web.xml
+++ b/org.adempiere.server/WEB-INF/web.xml
@@ -54,6 +54,14 @@
             <param-value>org.adempiere.web.server.ServerApplication</param-value>
       </init-param>
     </servlet> -->
+    <servlet>
+    	<servlet-name>default</servlet-name>
+    	<servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
+    	<init-param>
+      		<param-name>dirAllowed</param-name>
+      		<param-value>false</param-value>
+    	</init-param>
+  	</servlet>
 	<servlet-mapping>
 		<servlet-name>JnlpDownloadServlet</servlet-name>
 		<url-pattern>*.jnlp</url-pattern>
diff --git a/org.adempiere.ui.zk/WEB-INF/web.xml b/org.adempiere.ui.zk/WEB-INF/web.xml
index 712bf901c1..15898c060e 100644
--- a/org.adempiere.ui.zk/WEB-INF/web.xml
+++ b/org.adempiere.ui.zk/WEB-INF/web.xml
@@ -35,6 +35,14 @@
       <!-- Remove async-supported if you are not using Servlet 3.0 -->
       <async-supported>true</async-supported>
     </servlet>
+    <servlet>
+    	<servlet-name>default</servlet-name>
+    	<servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
+    	<init-param>
+      		<param-name>dirAllowed</param-name>
+      		<param-value>false</param-value>
+    	</init-param>
+  	</servlet>
     <servlet-mapping>
       <servlet-name>AtmosphereServlet</servlet-name>
       <url-pattern>/zkau/comet</url-pattern>
diff --git a/org.idempiere.webservices/WEB-INF/web.xml b/org.idempiere.webservices/WEB-INF/web.xml
index f83446e40a..08ab39b75b 100644
--- a/org.idempiere.webservices/WEB-INF/web.xml
+++ b/org.idempiere.webservices/WEB-INF/web.xml
@@ -27,7 +27,14 @@
 		</servlet-class>
 		<load-on-startup>1</load-on-startup>
 	</servlet>
-
+	<servlet>
+    	<servlet-name>default</servlet-name>
+    	<servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
+    	<init-param>
+      		<param-name>dirAllowed</param-name>
+      		<param-value>false</param-value>
+    	</init-param>
+  	</servlet>
 	<servlet-mapping>
 		<servlet-name>CXFServlet</servlet-name>
 		<url-pattern>/services/*</url-pattern>