Vulnerable Libraries - jetty-util-8.0.4.v20111024.jar, jetty-util-9.4.1.v20170120.jar, jetty-util-8.1.22.v20160922.jar, jetty-util-9.2.15.v20160210.jar, jetty-util-9.3.2.v20150730.jar, jetty-util-9.0.0.v20130308.jar, jetty-util-9.1.0.v20131115.jar, jetty-util-8.2.0.v20160908.jar, jetty-util-9.4.5.v20170502.jar, jetty-util-9.2.12.v20150709.jar, jetty-util-7.6.0.v20120127.jar, jetty-util-7.0.0.v20091005.jar, jetty-util-9.0.7.v20131107.jar, jetty-util-9.3.6.v20151106.jar, jetty-util-7.6.21.v20160908.jar, jetty-util-9.2.9.v20150224.jar
jetty-util-8.0.4.v20111024.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.0/jetty-7.0.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.0.4.v20111024/33f60c71941d90302751f72a12bcf1d299c17c75/jetty-util-8.0.4.v20111024.jar
Dependency Hierarchy:
- jetty-server-8.0.4.v20111024.jar (Root Library)
- jetty-http-8.0.4.v20111024.jar
- jetty-io-8.0.4.v20111024.jar
- ❌ jetty-util-8.0.4.v20111024.jar (Vulnerable Library)
jetty-util-9.4.1.v20170120.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/benchmark-integration/jetty-perftest/jetty-perftest.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.4.1.v20170120/810c4e4275e399feaf6e8bc51aa72645bdc06205/jetty-util-9.4.1.v20170120.jar
Dependency Hierarchy:
- jetty-server-9.4.1.v20170120.jar (Root Library)
- jetty-http-9.4.1.v20170120.jar
- ❌ jetty-util-9.4.1.v20170120.jar (Vulnerable Library)
jetty-util-8.1.22.v20160922.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.1.22.v20160922/5ae59f43ce3a356c98d6a3b7b2b8ef46f227ff1d/jetty-util-8.1.22.v20160922.jar
Dependency Hierarchy:
- spring-boot-starter-jetty-1.5.9.RELEASE.jar (Root Library)
- jetty-webapp-8.1.22.v20160922.jar
- jetty-xml-8.1.22.v20160922.jar
- ❌ jetty-util-8.1.22.v20160922.jar (Vulnerable Library)
jetty-util-9.2.15.v20160210.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-smoke-tests/play-2.5/play-2.5.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.2.15.v20160210/ccd245541cc63311bdcfe551525bd7d82ea5e92c/jetty-util-9.2.15.v20160210.jar
Dependency Hierarchy:
- play-test_2.11-2.5.19.jar (Root Library)
- htmlunit-2.20.jar
- websocket-client-9.2.15.v20160210.jar
- ❌ jetty-util-9.2.15.v20160210.jar (Vulnerable Library)
jetty-util-9.3.2.v20150730.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/sparkjava-2.3/sparkjava-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.3.2.v20150730/96eab74d8886ee9d51b6a3eeab9744807e842169/jetty-util-9.3.2.v20150730.jar
Dependency Hierarchy:
- spark-core-2.3.jar (Root Library)
- jetty-webapp-9.3.2.v20150730.jar
- jetty-xml-9.3.2.v20150730.jar
- ❌ jetty-util-9.3.2.v20150730.jar (Vulnerable Library)
jetty-util-9.0.0.v20130308.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/jetty-9/jetty-9.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.0.0.v20130308/19859238118e33ad1be4c0b629fe69c0f73853f4/jetty-util-9.0.0.v20130308.jar
Dependency Hierarchy:
- jetty-server-9.0.0.v20130308.jar (Root Library)
- jetty-io-9.0.0.v20130308.jar
- ❌ jetty-util-9.0.0.v20130308.jar (Vulnerable Library)
jetty-util-9.1.0.v20131115.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/jetty-client-9.1/jetty-client-9.1.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.1.0.v20131115/440fc44218366a7b58739aef4402b4927e135b9c/jetty-util-9.1.0.v20131115.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.1.0.v20131115/440fc44218366a7b58739aef4402b4927e135b9c/jetty-util-9.1.0.v20131115.jar
Dependency Hierarchy:
- ❌ jetty-util-9.1.0.v20131115.jar (Vulnerable Library)
jetty-util-8.2.0.v20160908.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.6/jetty-7.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.2.0.v20160908/4ee77aaee05035ca4255d21187ff50b45ef81f55/jetty-util-8.2.0.v20160908.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.2.0.v20160908/4ee77aaee05035ca4255d21187ff50b45ef81f55/jetty-util-8.2.0.v20160908.jar
Dependency Hierarchy:
- jetty-server-8.2.0.v20160908.jar (Root Library)
- jetty-http-8.2.0.v20160908.jar
- jetty-io-8.2.0.v20160908.jar
- ❌ jetty-util-8.2.0.v20160908.jar (Vulnerable Library)
jetty-util-9.4.5.v20170502.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-smoke-tests/play-2.6/play-2.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.4.5.v20170502/5fd36dfcf39110b809bd9b20cec62706ab694711/jetty-util-9.4.5.v20170502.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.4.5.v20170502/5fd36dfcf39110b809bd9b20cec62706ab694711/jetty-util-9.4.5.v20170502.jar
Dependency Hierarchy:
- play-test_2.12-2.6.25.jar (Root Library)
- htmlunit-driver-2.27.jar
- htmlunit-2.27.jar
- websocket-client-9.4.5.v20170502.jar
- ❌ jetty-util-9.4.5.v20170502.jar (Vulnerable Library)
jetty-util-9.2.12.v20150709.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-smoke-tests/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.2.12.v20150709/d99d38adfdb5ec677643f04fa862554b0bb8b42e/jetty-util-9.2.12.v20150709.jar
Dependency Hierarchy:
- play-test_2.11-2.4.11.jar (Root Library)
- fluentlenium-core-0.10.9.jar
- selenium-java-2.48.2.jar
- selenium-htmlunit-driver-2.48.2.jar
- htmlunit-2.18.jar
- websocket-client-9.2.12.v20150709.jar
- ❌ jetty-util-9.2.12.v20150709.jar (Vulnerable Library)
jetty-util-7.6.0.v20120127.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.6/jetty-7.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.6.0.v20120127/2c2bb1f28510723b955a48b40ba7f2aac4de22a4/jetty-util-7.6.0.v20120127.jar
Dependency Hierarchy:
- jetty-server-7.6.0.v20120127.jar (Root Library)
- jetty-http-7.6.0.v20120127.jar
- jetty-io-7.6.0.v20120127.jar
- ❌ jetty-util-7.6.0.v20120127.jar (Vulnerable Library)
jetty-util-7.0.0.v20091005.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-2/request-2.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.0.0.v20091005/5b6c27791dc5ec98feca5a87aaecf38b5109d43a/jetty-util-7.0.0.v20091005.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.0.0.v20091005/5b6c27791dc5ec98feca5a87aaecf38b5109d43a/jetty-util-7.0.0.v20091005.jar
Dependency Hierarchy:
- jetty-server-7.0.0.v20091005.jar (Root Library)
- jetty-http-7.0.0.v20091005.jar
- jetty-io-7.0.0.v20091005.jar
- ❌ jetty-util-7.0.0.v20091005.jar (Vulnerable Library)
jetty-util-9.0.7.v20131107.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard-views/dropwizard-views.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.0.7.v20131107/93a606c83b047e8855eb3af68c335e60fa757367/jetty-util-9.0.7.v20131107.jar
Dependency Hierarchy:
- dropwizard-views-0.7.0.jar (Root Library)
- dropwizard-core-0.7.0.jar
- dropwizard-lifecycle-0.7.0.jar
- jetty-server-9.0.7.v20131107.jar
- jetty-io-9.0.7.v20131107.jar
- ❌ jetty-util-9.0.7.v20131107.jar (Vulnerable Library)
jetty-util-9.3.6.v20151106.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/sparkjava-2.3/sparkjava-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.3.6.v20151106/8721c8e670c11ea19005c567733453956b6243fc/jetty-util-9.3.6.v20151106.jar
Dependency Hierarchy:
- spark-core-2.4.jar (Root Library)
- jetty-server-9.3.6.v20151106.jar
- jetty-io-9.3.6.v20151106.jar
- ❌ jetty-util-9.3.6.v20151106.jar (Vulnerable Library)
jetty-util-7.6.21.v20160908.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-2/request-2.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.6.21.v20160908/bd135a2685448834da4e0e993252620141d7528b/jetty-util-7.6.21.v20160908.jar
Dependency Hierarchy:
- jetty-server-7.6.21.v20160908.jar (Root Library)
- jetty-http-7.6.21.v20160908.jar
- jetty-io-7.6.21.v20160908.jar
- ❌ jetty-util-7.6.21.v20160908.jar (Vulnerable Library)
jetty-util-9.2.9.v20150224.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.2.9.v20150224/b5fb774a02158e9f66fed949581159a8d0dfcbe1/jetty-util-9.2.9.v20150224.jar
Dependency Hierarchy:
- dropwizard-testing-0.8.0.jar (Root Library)
- dropwizard-core-0.8.0.jar
- dropwizard-logging-0.8.0.jar
- ❌ jetty-util-9.2.9.v20150224.jar (Vulnerable Library)
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784
Release Date: 2017-06-16
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.4.7.RC0
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.4.3.v20180619
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-jetty): 1.5.10.RELEASE
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (com.typesafe.play:play-test_2.11): 2.6.0
Fix Resolution (org.eclipse.jetty:jetty-util): 9.3.20.v20170531
Direct dependency fix Resolution (com.sparkjava:spark-core): 2.6.0
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.4.7.RC0
Direct dependency fix Resolution (com.typesafe.play:play-test_2.12): 2.7.0
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (com.typesafe.play:play-test_2.11): 2.6.0
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.3.20.v20170531
Direct dependency fix Resolution (com.sparkjava:spark-core): 2.6.0
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (io.dropwizard:dropwizard-testing): 1.0.0
CVE-2017-9735 - High Severity Vulnerability
jetty-util-8.0.4.v20111024.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.0/jetty-7.0.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.0.4.v20111024/33f60c71941d90302751f72a12bcf1d299c17c75/jetty-util-8.0.4.v20111024.jar
Dependency Hierarchy:
jetty-util-9.4.1.v20170120.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/benchmark-integration/jetty-perftest/jetty-perftest.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.4.1.v20170120/810c4e4275e399feaf6e8bc51aa72645bdc06205/jetty-util-9.4.1.v20170120.jar
Dependency Hierarchy:
jetty-util-8.1.22.v20160922.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.1.22.v20160922/5ae59f43ce3a356c98d6a3b7b2b8ef46f227ff1d/jetty-util-8.1.22.v20160922.jar
Dependency Hierarchy:
jetty-util-9.2.15.v20160210.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-smoke-tests/play-2.5/play-2.5.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.2.15.v20160210/ccd245541cc63311bdcfe551525bd7d82ea5e92c/jetty-util-9.2.15.v20160210.jar
Dependency Hierarchy:
jetty-util-9.3.2.v20150730.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/sparkjava-2.3/sparkjava-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.3.2.v20150730/96eab74d8886ee9d51b6a3eeab9744807e842169/jetty-util-9.3.2.v20150730.jar
Dependency Hierarchy:
jetty-util-9.0.0.v20130308.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/jetty-9/jetty-9.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.0.0.v20130308/19859238118e33ad1be4c0b629fe69c0f73853f4/jetty-util-9.0.0.v20130308.jar
Dependency Hierarchy:
jetty-util-9.1.0.v20131115.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/jetty-client-9.1/jetty-client-9.1.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.1.0.v20131115/440fc44218366a7b58739aef4402b4927e135b9c/jetty-util-9.1.0.v20131115.jar,/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.1.0.v20131115/440fc44218366a7b58739aef4402b4927e135b9c/jetty-util-9.1.0.v20131115.jar
Dependency Hierarchy:
jetty-util-8.2.0.v20160908.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.6/jetty-7.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.2.0.v20160908/4ee77aaee05035ca4255d21187ff50b45ef81f55/jetty-util-8.2.0.v20160908.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/8.2.0.v20160908/4ee77aaee05035ca4255d21187ff50b45ef81f55/jetty-util-8.2.0.v20160908.jar
Dependency Hierarchy:
jetty-util-9.4.5.v20170502.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-smoke-tests/play-2.6/play-2.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.4.5.v20170502/5fd36dfcf39110b809bd9b20cec62706ab694711/jetty-util-9.4.5.v20170502.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.4.5.v20170502/5fd36dfcf39110b809bd9b20cec62706ab694711/jetty-util-9.4.5.v20170502.jar
Dependency Hierarchy:
jetty-util-9.2.12.v20150709.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-smoke-tests/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.2.12.v20150709/d99d38adfdb5ec677643f04fa862554b0bb8b42e/jetty-util-9.2.12.v20150709.jar
Dependency Hierarchy:
jetty-util-7.6.0.v20120127.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/jetty-7.6/jetty-7.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.6.0.v20120127/2c2bb1f28510723b955a48b40ba7f2aac4de22a4/jetty-util-7.6.0.v20120127.jar
Dependency Hierarchy:
jetty-util-7.0.0.v20091005.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-2/request-2.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.0.0.v20091005/5b6c27791dc5ec98feca5a87aaecf38b5109d43a/jetty-util-7.0.0.v20091005.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.0.0.v20091005/5b6c27791dc5ec98feca5a87aaecf38b5109d43a/jetty-util-7.0.0.v20091005.jar
Dependency Hierarchy:
jetty-util-9.0.7.v20131107.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard-views/dropwizard-views.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.0.7.v20131107/93a606c83b047e8855eb3af68c335e60fa757367/jetty-util-9.0.7.v20131107.jar
Dependency Hierarchy:
jetty-util-9.3.6.v20151106.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/sparkjava-2.3/sparkjava-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.3.6.v20151106/8721c8e670c11ea19005c567733453956b6243fc/jetty-util-9.3.6.v20151106.jar
Dependency Hierarchy:
jetty-util-7.6.21.v20160908.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-2/request-2.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/7.6.21.v20160908/bd135a2685448834da4e0e993252620141d7528b/jetty-util-7.6.21.v20160908.jar
Dependency Hierarchy:
jetty-util-9.2.9.v20150224.jar
Utility classes for Jetty
Library home page: http://www.eclipse.org/jetty
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.2.9.v20150224/b5fb774a02158e9f66fed949581159a8d0dfcbe1/jetty-util-9.2.9.v20150224.jar
Dependency Hierarchy:
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Publish Date: 2017-06-16
URL: CVE-2017-9735
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784
Release Date: 2017-06-16
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.4.7.RC0
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.4.3.v20180619
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-jetty): 1.5.10.RELEASE
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (com.typesafe.play:play-test_2.11): 2.6.0
Fix Resolution (org.eclipse.jetty:jetty-util): 9.3.20.v20170531
Direct dependency fix Resolution (com.sparkjava:spark-core): 2.6.0
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.4.7.RC0
Direct dependency fix Resolution (com.typesafe.play:play-test_2.12): 2.7.0
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (com.typesafe.play:play-test_2.11): 2.6.0
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.3.20.v20170531
Direct dependency fix Resolution (com.sparkjava:spark-core): 2.6.0
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (org.eclipse.jetty:jetty-server): 9.2.22.v20170606
Fix Resolution (org.eclipse.jetty:jetty-util): 9.2.22.v20170606
Direct dependency fix Resolution (io.dropwizard:dropwizard-testing): 1.0.0
⛑️ Automatic Remediation is available for this issue