Description
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Remediation
References
Related Vulnerabilities
Sqlite Other Vulnerability (CVE-2022-46908)
WordPress Plugin WooCommerce EnvioPack Cross-Site Scripting (1.2)
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-12605)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2947)
Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2025-24813)