Description
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
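The kind of comparison that produces a timing channel like the one described above, next to a constant-time alternative, as an added example: this is not Jetty's Password.java code and not the project's fix. The class name, method names and sample passwords are constructed for illustration, and the step counter stands in for elapsed time so the effect is visible without noisy measurements.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Illustrative only: hypothetical class, not Jetty code.
public class PasswordCompareDemo {

    // Early-exit comparison: stops at the first mismatch, so the work done
    // (and the elapsed time) grows with the number of correct leading characters.
    // Returns the number of characters examined, to make the leak visible.
    static int leakyCompareSteps(String expected, String supplied) {
        int steps = 0;
        int n = Math.min(expected.length(), supplied.length());
        for (int i = 0; i < n; i++) {
            steps++;
            if (expected.charAt(i) != supplied.charAt(i)) {
                return steps;
            }
        }
        return steps;
    }

    // Constant-time comparison: hash both values to a fixed length, then use
    // MessageDigest.isEqual, which does not stop at the first differing byte.
    static boolean constantTimeEquals(String expected, String supplied) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] a = md.digest(expected.getBytes(StandardCharsets.UTF_8));
            byte[] b = md.digest(supplied.getBytes(StandardCharsets.UTF_8));
            return MessageDigest.isEqual(a, b);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 must be available on every Java platform", e);
        }
    }

    public static void main(String[] args) {
        String stored = "correct-horse"; // constructed sample value
        String[] guesses = {"xxxxxxxxxxxxx", "corxxxxxxxxxx", "correct-xxxxx", "correct-horse"};
        for (String g : guesses) {
            System.out.printf("%s leakySteps=%d constantTimeEquals=%b%n",
                    g, leakyCompareSteps(stored, g), constantTimeEquals(stored, g));
        }
    }
}
```

The step count rises as more leading characters of the guess match, which is the signal a timing observer relies on; the hashed comparison does the same amount of work for every guess.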
Remediation
References
Related Vulnerabilities
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2507)
Sqlite Improper Validation of Array Index Vulnerability (CVE-2022-35737)
Atlassian Jira CVE-2019-11583 Vulnerability (CVE-2019-11583)
WordPress Plugin SP Project & Document Manager Arbitrary File Upload (4.22)
PHP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-0568)