7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2017-9735

GHSA ID

GHSA-wfcc-pff6-rgc5

EPSS Score

0.69593%

CWE

CWE-200

Published

10/19/2018

Updated

8/15/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-9735

CVE-2017-9735: Jetty vulnerable to exposure of sensitive information due to observable discrepancy

Jetty through 9.4.x contains a timing channel attack in util/security/Password.java, which allows attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2017-9735

GHSA ID

GHSA-wfcc-pff6-rgc5

EPSS Score

0.69593%

CWE

CWE-200

Published

10/19/2018

Updated

8/15/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.eclipse.jetty:jetty-server	maven	>= 9.4.0, <= 9.4.5.v20170502	9.4.6.v20170531
org.eclipse.jetty:jetty-server	maven	>= 9.3.0, <= 9.3.19.v20170502	9.3.20.v20170531
org.eclipse.jetty:jetty-server	maven	<= 9.2.21.v20170120	9.2.22.v20170606

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

J*tty t*rou** *.*.x *ont*ins * timin* ***nn*l *tt**k in `util/s**urity/P*sswor*.j*v*`, w*i** *llows *tt**k*rs to o*t*in ****ss *y o*s*rvin* *l*ps** tim*s ***or* r*j**tion o* in*orr**t p*sswor*s.

Reasoning

No *n*lysis *v*il**l*

7.5

Basic Information

Concerned about an active attack path?

CVE-2017-9735: Jetty vulnerable to exposure of sensitive information due to observable discrepancy

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI