Closed mend-for-github-com[bot] closed 7 months ago
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to vulnerable library: /src/test/resources/webgoat/WEB-INF/lib/jetty-util-9.2.12.v20150709.jar
Dependency Hierarchy: - :x: **jetty-util-9.2.12.v20150709.jar** (Vulnerable Library)
Found in HEAD commit: e2144e84b1fdbf18c01c24e6ab9ade7b45b25283
Found in base branch: master
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Publish Date: 2017-06-16
URL: CVE-2017-9735
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784
Release Date: 2017-06-16
Fix Resolution: 9.2.22.v20170606
CVE-2017-9735 - High Severity Vulnerability
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to vulnerable library: /src/test/resources/webgoat/WEB-INF/lib/jetty-util-9.2.12.v20150709.jar
Dependency Hierarchy: - :x: **jetty-util-9.2.12.v20150709.jar** (Vulnerable Library)
Found in HEAD commit: e2144e84b1fdbf18c01c24e6ab9ade7b45b25283
Found in base branch: master
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Publish Date: 2017-06-16
URL: CVE-2017-9735
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784
Release Date: 2017-06-16
Fix Resolution: 9.2.22.v20170606