cpe:/a:eclipse:jetty:9.4.6:20170531 CVE-2017-9735 2017-06-16T17:29:00.710-04:00 2019-04-16T14:29:03.437-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov BID 99104 MLIST [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 MISC https://bugs.debian.org/864631 MISC https://github.com/eclipse/jetty.project/issues/1556 Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.