Vulnerability	Vulnerable Version
H Timing Attack org.eclipse.jetty:jetty-util is a lightweight highly scalable java based web server and servlet engine. Affected versions of this package are vulnerable to Timing Attacks. A flaw in the `util/security/Password.java` class makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. How to fix Timing Attack? Upgrade `org.eclipse.jetty:jetty-util` to versions 9.2.22, 9.3.20, 9.4.6 or higher.	[,9.2.22.v20170606)[9.3.0.M0,9.3.20.v20170531)[9.4.0.M0,9.4.6.v20170531)

Timing Attack

org.eclipse.jetty:jetty-util is a lightweight highly scalable java based web server and servlet engine.

Affected versions of this package are vulnerable to Timing Attacks. A flaw in the util/security/Password.java class makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

How to fix Timing Attack?

Upgrade org.eclipse.jetty:jetty-util to versions 9.2.22, 9.3.20, 9.4.6 or higher.

[,9.2.22.v20170606)[9.3.0.M0,9.3.20.v20170531)[9.4.0.M0,9.4.6.v20170531)

Go back to all versions of this package