Description
Jetty through 9.4.x is prone to a timing channel in
util/security/Password.java, which makes it easier for remote attackers to
obtain access by observing elapsed times before rejection of incorrect
passwords.
Ubuntu-Description
It was discovered that Jetty incorrectly handled rejection of passwords.
An attacker could use this issue to possibly obtain sensitive information
via a timing side-channel attack.
Package
Upstream: released (6.1.26-1+deb7u1)
Ubuntu 18.04 LTS: DNE
Ubuntu 20.04 LTS: DNE
Ubuntu 21.10: DNE
Ubuntu 22.04 LTS: DNE
Ubuntu 14.04 ESM: released (6.1.26-1ubuntu1.2)
Patches:
Package
Upstream: released (8.1.3-4+deb7u1)
Ubuntu 18.04 LTS: DNE
Ubuntu 20.04 LTS: DNE
Ubuntu 21.10: DNE
Ubuntu 22.04 LTS: DNE
Ubuntu 14.04 ESM: needed
Patches:
Updated: 2022-04-25 00:23:01 UTC (commit ecc1009cb19540b950de59270950018900f37f15)