CVE-2017-9735

Published: 16/06/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Jetty up to and including 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote malicious users to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Product

eclipse jetty

debian debian linux 9.0

oracle retail xstore point of service 15.0

oracle retail xstore point of service 7.1

oracle hospitality guest access 4.2.0

oracle hospitality guest access 4.2.1

oracle retail xstore point of service 16.0

oracle enterprise manager base platform 13.3

oracle enterprise manager base platform 13.2

oracle retail xstore point of service 17.0

oracle rest data services 12.2.0.1

oracle rest data services 12.1.0.2

oracle rest data services 11.2.0.4

oracle rest data services 18c

oracle communications cloud native core policy 1.5.0

Vendor Advisories

Debian Bug report logs - #864898 jetty9: CVE-2017-9735: timing channel in Password.java Package: src:jetty9; Maintainer for src:jetty9 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 16 Jun 2017 18:51:01 UTC Severity: importan ...
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords ...