J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
Defect Jetty 11.x and 10.x End of Life checks
The Jetty EoL check does not work correctly. It only checks for the major version and thus generates a scan issue for Jetty 11.X.X and 10.X.X
Tested on Burp Pro version:
-Tested J2EEScan-1.2.6-jar-with-dependencies.jar version
-Tested public J2EEScan-2.0.1-dev-jar-with-dependencies.jar version
Defect Jetty 11.x and 10.x End of Life checks The Jetty EoL check does not work correctly. It only checks for the major version and thus generates a scan issue for Jetty 11.X.X and 10.X.X
Tested on Burp Pro version: -Tested J2EEScan-1.2.6-jar-with-dependencies.jar version
-Tested public J2EEScan-2.0.1-dev-jar-with-dependencies.jar version
Defect Jetty 11.x.x
Defect Jetty 10.x.x
Defect 9.4.48,v202206.22 <= 9.4.x is now EoL References
https://github.com/eclipse/jetty.project/releases https://www.eclipse.org/jetty/download.php
https://github.com/ilmila/J2EEScan/blob/1936af81732b8abfa9e4447c80335986d487460f/src/main/java/burp/SoftwareVersions.java#L70-L94