CVE-2014-9970

Impact: Moderate
Public Date: 2017-02-20
CWE: CWE-385
Bugzilla: 1455566: CVE-2014-9970 jasypt: Vulnerable to timing attack against the password hash comparison

A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.

Find out more about CVE-2014-9970 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 5.1
CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity Impact: None
Availability Impact: None

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat JBoss BRMS 6.4 | RHSA-2017:2547 | 2017-08-29
Red Hat Single Sign-On 7.1 for RHEL 7 Server (rh-sso7-keycloak) | RHSA-2017:2905 | 2017-10-17
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhvm-appliance) | RHSA-2017:3141 | 2017-11-07
Red Hat JBoss Data Grid 7.1 | RHSA-2018:0294 | 2018-02-12
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server (eap7-jboss-ec2-eap) | RHSA-2017:2811 | 2017-09-26
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server (eap7-jboss-ec2-eap) | RHSA-2017:2811 | 2017-09-26
Red Hat Single Sign-On 7.1 for RHEL 6 Server (rh-sso7-keycloak) | RHSA-2017:2904 | 2017-10-17
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server | RHSA-2017:2808 | 2017-09-26
Red Hat JBoss BPMS 6.4 | RHSA-2017:2546 | 2017-08-29
Red Hat JBoss EAP 7 | RHSA-2017:2810 | 2017-09-26
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server | RHSA-2017:2809 | 2017-09-26
Red Hat Single Sign-On 7.1 | RHSA-2017:2906 | 2017-10-17

Affected Packages State

Platform | Package | State
Red Hat Virtualization 4 | jasypt | Will not fix
Red Hat Single Sign-On 7 | jasypt | Will not fix
Red Hat OpenShift Enterprise 2 | jasypt | Will not fix
Red Hat JBoss Fuse Service Works 6 | jasypt | Will not fix
Red Hat JBoss Fuse 6 | jasypt | Not affected
Red Hat JBoss BRMS 5 | jasypt | Will not fix
Red Hat JBoss A-MQ 6 | jasypt | Not affected
