CVE-2017-9735
published 2017-06-16
Severity: high, 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira_software | — | — |
| debian | debian_linux | — | — |
| debian | jetty9 | < jetty9 9.2.22-1 (bookworm) | jetty9 9.2.22-1 (bookworm) |
| eclipse | jetty | < 9.2.22 | 9.2.22 |
| eclipse | jetty | >= 9.3.0 < 9.3.20 | 9.3.20 |
| eclipse | jetty | >= 9.4.0 < 9.4.6 | 9.4.6 |
| oracle | communications_cloud_native_core_policy | — | — |
| oracle | enterprise_manager_base_platform | — | — |
| oracle | enterprise_manager_base_platform | — | — |
| oracle | hospitality_guest_access | — | — |
| oracle | hospitality_guest_access | — | — |
| oracle | rest_data_services | — | — |
| oracle | rest_data_services | — | — |
| oracle | rest_data_services | — | — |
| oracle | rest_data_services | — | — |
| oracle | retail_xstore_point_of_service | — | — |
| oracle | retail_xstore_point_of_service | — | — |
| oracle | retail_xstore_point_of_service | — | — |
| oracle | retail_xstore_point_of_service | — | — |
CVSS provenance
nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv: 7.5 HIGH