Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
History
21 Nov 2024, 03:36
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/99104 - Third Party Advisory, VDB Entry | |
References | () https://bugs.debian.org/864631 - Issue Tracking, Mailing List, Third Party Advisory | |
References | () https://github.com/eclipse/jetty.project/issues/1556 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/36870f6c51f5bc25e6f7bb1fcace0e57e81f1524019b11f466738559%40%3Ccommon-dev.hadoop.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/f887a5978f5e4c62b9cfe876336628385cff429e796962649649ec8a%40%3Ccommon-issues.hadoop.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E - | |
References | () https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html - Mailing List, Third Party Advisory | |
References | () https://www.oracle.com//security-alerts/cpujul2021.html - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory | |
References | () https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Third Party Advisory | |
07 Nov 2023, 02:50
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2017-06-16 21:29
Updated : 2024-11-21 03:36
NVD link : CVE-2017-9735
Mitre link : CVE-2017-9735
CVE.ORG link : CVE-2017-9735
Products Affected
eclipse
- jetty
oracle
- enterprise_manager_base_platform
- communications_cloud_native_core_policy
- hospitality_guest_access
- rest_data_services
- retail_xstore_point_of_service
debian
- debian_linux
CWE
CWE-203
Observable Discrepancy