Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
History
07 Nov 2023, 02:50
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2017-06-16 21:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-9735
Mitre link : CVE-2017-9735
CVE.ORG link : CVE-2017-9735
Products Affected
oracle
- communications_cloud_native_core_policy
- enterprise_manager_base_platform
- retail_xstore_point_of_service
- rest_data_services
- hospitality_guest_access
debian
- debian_linux
eclipse
- jetty
CWE
CWE-203
Observable Discrepancy