CVE-2014-9970 High Severity Vulnerability detected by WhiteSource

[mend-bolt-for-github[bot]]

CVE-2014-9970 - High Severity Vulnerability

Vulnerable Library - jasypt-1.9.0.jar

Java library which enables encryption in java apps with minimum effort.

path: 2/repository/org/jasypt/jasypt/1.9.0/jasypt-1.9.0.jar

Library home page: http://www.jasypt.org

Dependency Hierarchy: - :x: **jasypt-1.9.0.jar** (Vulnerable Library)

Vulnerability Details

jasypt before 1.9.2 allows a timing attack against the password hash comparison.

Publish Date: 2017-05-21

URL: CVE-2014-9970

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: http://www.securitytracker.com/id/1039744

Fix Resolution: Red Hat has issued a fix. The Red Hat advisory is available at: https://access.redhat.com/errata/RHSA-2017:3141

---

Step up your Open Source Security Game with WhiteSource here

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.