Path to dependency file: /tmp/ws-scm/tensorio-android/javaexample/build.gradle
Path to vulnerable library: 20200803172627_FRGLVQ/downloadResource_KWMISC/20200803172805/jetty-util-9.3.4.RC0.jar,/tmp/ws-ua_20200803172627_FRGLVQ/downloadResource_KWMISC/20200803172805/jetty-util-9.3.4.RC0.jar
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
CVE-2017-9735 - High Severity Vulnerability
Vulnerable Library - jetty-util-9.3.4.RC0.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /tmp/ws-scm/tensorio-android/javaexample/build.gradle
Path to vulnerable library: 20200803172627_FRGLVQ/downloadResource_KWMISC/20200803172805/jetty-util-9.3.4.RC0.jar,/tmp/ws-ua_20200803172627_FRGLVQ/downloadResource_KWMISC/20200803172805/jetty-util-9.3.4.RC0.jar
Dependency Hierarchy: - :x: **jetty-util-9.3.4.RC0.jar** (Vulnerable Library)
Found in HEAD commit: ab681bed6317590621823b965bf9b7e4da2638aa
Vulnerability Details
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Publish Date: 2017-06-16
URL: CVE-2017-9735
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784
Release Date: 2017-06-16
Fix Resolution: 9.4.7.RC0