Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-06-16T21:00:00

Updated: 2024-08-05T17:18:01.294Z

Reserved: 2017-06-16T00:00:00

Link: CVE-2017-9735

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-06-16T21:29:00.710

Modified: 2024-11-21T03:36:43.747

Link: CVE-2017-9735

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-05-16T00:00:00Z

Links: CVE-2017-9735 - Bugzilla