Description
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
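The class of flaw described above, shown as an added example that is not Jetty's code and not part of the original page: a password comparison that can return early, beside a constant-time one. The class and method names are hypothetical, and hashing both values with SHA-256 before calling `MessageDigest.isEqual` is one common approach assumed here, not the project's stated fix.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical illustration class; not taken from Jetty.
public class PasswordCompareExample {

    // Timing-dependent: String.equals can return as soon as the lengths
    // differ or a mismatching character is found, so the elapsed time
    // before rejection depends on how much of the guess was correct.
    static boolean leakyCheck(String stored, String supplied) {
        return stored != null && stored.equals(supplied);
    }

    // Constant-time with respect to the secret: both inputs are reduced to
    // fixed-length SHA-256 digests, then compared with MessageDigest.isEqual,
    // which examines every byte instead of stopping at the first difference.
    static boolean constantTimeCheck(String stored, String supplied) {
        if (stored == null || supplied == null) {
            return false;
        }
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            // digest(byte[]) resets the instance, so it can be reused.
            byte[] a = md.digest(stored.getBytes(StandardCharsets.UTF_8));
            byte[] b = md.digest(supplied.getBytes(StandardCharsets.UTF_8));
            return MessageDigest.isEqual(a, b);
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is required on every Java platform implementation.
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, for demonstration only.
        String stored = "correct horse battery staple";
        String[] guesses = { "correct horse battery staple", "correct horse", "x" };
        for (String g : guesses) {
            System.out.printf("%-30s leaky=%b constantTime=%b%n",
                    g, leakyCheck(stored, g), constantTimeCheck(stored, g));
        }
    }
}
```

Both methods return the same results; the difference is only in how the time taken for a rejection relates to the supplied value.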
Remediation
References