CVE-2017-9735

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/99104	Third Party Advisory VDB Entry
https://bugs.debian.org/864631	Issue Tracking Mailing List Third Party Advisory
https://github.com/eclipse/jetty.project/issues/1556	Issue Tracking Patch Third Party Advisory
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/36870f6c51f5bc25e6f7bb1fcace0e57e81f1524019b11f466738559%40%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f887a5978f5e4c62b9cfe876336628385cff429e796962649649ec8a%40%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html	Mailing List Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:eclipse:jetty::::::::
	cpe:2.3:a:eclipse:jetty::::::::
	cpe:2.3:a:eclipse:jetty::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.5.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
	cpe:2.3:a:oracle:rest_data_services:11.2.0.4::::-:::
	cpe:2.3:a:oracle:rest_data_services:12.1.0.2::::-:::
	cpe:2.3:a:oracle:rest_data_services:12.2.0.1::::-:::
	cpe:2.3:a:oracle:rest_data_services:18c::::-:::
	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:::::::*

History

No history.

Information

Published : 2017-06-16 21:29

Updated : 2023-11-07 02:50

NVD link : CVE-2017-9735

Mitre link : CVE-2017-9735

CVE.ORG link : CVE-2017-9735

JSON object : View

Products Affected

oracle

communications_cloud_native_core_policy
enterprise_manager_base_platform
retail_xstore_point_of_service
rest_data_services
hospitality_guest_access

eclipse

jetty

debian

debian_linux

CWE

CWE-203

Observable Discrepancy

{"id": "CVE-2017-9735", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-06-16T21:29:00.710", "references": [{"url": "http://www.securityfocus.com/bid/99104", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugs.debian.org/864631", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/eclipse/jetty.project/issues/1556", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/36870f6c51f5bc25e6f7bb1fcace0e57e81f1524019b11f466738559%40%3Ccommon-dev.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/f887a5978f5e4c62b9cfe876336628385cff429e796962649649ec8a%40%3Ccommon-issues.hadoop.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords."}, {"lang": "es", "value": "Jetty hasta la versi\u00f3n 9.4.x es propenso a una sincronizaci\u00f3n de canal en util/security/Password.java, lo que facilita que atacantes remotos obtengan acceso observando el tiempo transcurrido antes de rechazar contrase\u00f1as incorrectas. SR 760 Feeder Protection Relay, en versiones de firmware anteriores a la 7.47; SR 469 Motor Protection Relay, en versiones de firmware anteriores a la 5.23; SR 489 Generator Protection Relay, en versiones de firmware anteriores a la 4.06; SR 745 Transformer Protection Relay, en versiones de firmware anteriores a la 5.23; SR 369 Motor Protection Relay, en todas las versiones de firmware; Multilin Universal Relay, en versiones de firmware 6.0 y anteriores; y Multilin URplus (D90, C90, B95), en todas las versiones. Las versiones en texto cifrado de contrase\u00f1as de usuario fueron creadas con un vector de inicializaci\u00f3n no aleatorio, dej\u00e1ndolas expuestas a ataques de diccionario. El texto cifrado de las contrase\u00f1as de usuario se pueden obtener del panel LCD de los productos afectados y a trav\u00e9s de los comandos Modbus enviados."}], "lastModified": "2023-11-07T02:50:51.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDC78342-7D90-4360-8BF1-F59AA812A5CC", "versionEndExcluding": "9.2.22"}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87B0BE2C-7D3E-4109-943D-4C9820AA8A58", "versionEndExcluding": "9.3.20", "versionStartIncluding": "9.3.0"}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4E56EF2-6D17-41A3-8C7A-7A5D93BDD085", "versionEndExcluding": "9.4.6", "versionStartIncluding": "9.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AA0A02F-18B1-42E6-80F3-8C6D11A73118"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40F194FC-4116-45C4-A5B4-B9822EAC3250"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DBED5A1-5D0A-40D6-ACF1-695F7FCA70FE"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A"}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC"}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496"}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-9735

7.5^/10

5.0^/10

Attach tags to `CVE-2017-9735`