VYPR
High severity 7.5 · NVD Advisory · Published Jun 16, 2017 · Updated Jun 17, 2026

CVE-2017-9735

Description

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                  Affected versions              Patched versions
org.eclipse.jetty:jetty-server (Maven)   >= 9.4.0, < 9.4.6.v20170531    9.4.6.v20170531
org.eclipse.jetty:jetty-server (Maven)   >= 9.3.0, < 9.3.20.v20170531   9.3.20.v20170531
org.eclipse.jetty:jetty-server (Maven)   < 9.2.22.v20170606             9.2.22.v20170606

Affected products

16
  • cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
    Range: <9.2.22
  • cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 9.4.0, < 9.4.6.v20170531
