CVE
CVE-2017-9735
Jetty vulnerable to exposure of sensitive information due to observable discrepancy
Jetty through 9.4.x contains a timing channel attack inĀ util/security/Password.java, which allows attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Endor Patches
Patch Name
Vulnerabilities fixed
Lines of Code Changed