CVE-2017-9735

Priority
Description
Jetty through 9.4.x is prone to a timing channel in
util/security/Password.java, which makes it easier for remote attackers to
obtain access by observing elapsed times before rejection of incorrect
passwords.
Ubuntu-Description
It was discovered that Jetty incorrectly handled rejection of passwords.
An attacker could use this issue to possibly obtain sensitive information
via a timing side-channel attack.
Notes
Package
Source: jetty (LP Ubuntu Debian)
Upstream: released (6.1.26-1+deb7u1)
Ubuntu 18.04 LTS: DNE
Ubuntu 20.04 LTS: DNE
Ubuntu 21.10: DNE
Ubuntu 22.04 LTS: DNE
Ubuntu 14.04 ESM: released (6.1.26-1ubuntu1.2)
Patches:
Package
Upstream: released (8.1.3-4+deb7u1)
Ubuntu 18.04 LTS: DNE
Ubuntu 20.04 LTS: DNE
Ubuntu 21.10: DNE
Ubuntu 22.04 LTS: DNE
Ubuntu 14.04 ESM: needed
Patches:
Updated: 2022-04-25 00:23:01 UTC (commit ecc1009cb19540b950de59270950018900f37f15)