Jetty up to and including 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote malicious users to obtain access by observing elapsed times before rejection of incorrect passwords.

| Vulnerable Product |
|---|
| eclipse jetty |
| debian debian linux 9.0 |
| oracle retail xstore point of service 15.0 |
| oracle retail xstore point of service 7.1 |
| oracle hospitality guest access 4.2.0 |
| oracle hospitality guest access 4.2.1 |
| oracle retail xstore point of service 16.0 |
| oracle enterprise manager base platform 13.3 |
| oracle enterprise manager base platform 13.2 |
| oracle retail xstore point of service 17.0 |
| oracle rest data services 12.2.0.1 |
| oracle rest data services 12.1.0.2 |
| oracle rest data services 11.2.0.4 |
| oracle rest data services 18c |
| oracle communications cloud native core policy 1.5.0 |