Description
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat JBoss BPMS 6.4 | |||
| jasypt | cpe:/a:redhat:jboss_bpms:6.4 | RHSA-2017:2546 | 2017-08-29T00:00:00Z |
| Red Hat JBoss BRMS 6.4 | |||
| jasypt | cpe:/a:redhat:jboss_enterprise_brms_platform:6.4 | RHSA-2017:2547 | 2017-08-29T00:00:00Z |
| Red Hat JBoss Data Grid 7.1 | |||
| cpe:/a:redhat:jboss_data_grid:7.1 | RHSA-2018:0294 | 2018-02-12T00:00:00Z | |
| Red Hat JBoss EAP 7 | |||
| cpe:/a:redhat:jboss_enterprise_application_platform:7 | RHSA-2017:2810 | 2017-09-26T00:00:00Z | |
| Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | |||
| eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2809 | 2017-09-26T00:00:00Z |
| eap7-jboss-ec2-eap-0:7.0.8-1.GA_redhat_1.ep7.el6 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el6 | RHSA-2017:2811 | 2017-09-26T00:00:00Z |
| Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | |||
| eap7-artemis-native-0:1.1.0-13.redhat_4.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-bouncycastle-0:1.56.0-3.redhat_2.2.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-hibernate-validator-0:5.2.5-2.Final_redhat_2.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-jasypt-0:1.9.2-2.redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-jboss-jms-api_2.0_spec-0:1.0.1-2.Final_redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-jboss-logmanager-0:2.0.7-2.Final_redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-jboss-metadata-0:10.0.2-2.Final_redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-jboss-remote-naming-0:2.0.5-1.Final_redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-jboss-remoting-0:4.0.24-1.Final_redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-log4j-jboss-logmanager-0:1.1.4-2.Final_redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-picketlink-bindings-0:2.5.5-9.SP8_redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-picketlink-federation-0:2.5.5-9.SP8_redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-undertow-0:1.3.31-1.Final_redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-wildfly-0:7.0.8-4.GA_redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-wildfly-javadocs-0:7.0.8-1.GA_redhat_1.1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2808 | 2017-09-26T00:00:00Z |
| eap7-jboss-ec2-eap-0:7.0.8-1.GA_redhat_1.ep7.el7 | cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 | RHSA-2017:2811 | 2017-09-26T00:00:00Z |
| Red Hat Single Sign-On 7.1 | |||
| cpe:/a:redhat:jboss_single_sign_on:7.1 | RHSA-2017:2906 | 2017-10-17T00:00:00Z | |
| Red Hat Single Sign-On 7.1 for RHEL 6 | |||
| rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el6 | cpe:/a:redhat:red_hat_single_sign_on:7::el6 | RHSA-2017:2904 | 2017-10-17T00:00:00Z |
| Red Hat Single Sign-On 7.1 for RHEL 7 | |||
| rh-sso7-keycloak-0:2.5.14-1.Final_redhat_1.1.jbcs.el7 | cpe:/a:redhat:red_hat_single_sign_on:7::el7 | RHSA-2017:2905 | 2017-10-17T00:00:00Z |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | |||
| rhvm-appliance-0:20171102.0-1 | cpe:/o:redhat:enterprise_linux:7::hypervisor | RHSA-2017:3141 | 2017-11-07T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-5095 | jasypt before 1.9.2 allows a timing attack against the password hash comparison. |
 Github GHSA |
GHSA-r5c2-rxh2-f5h2 | Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T14:02:37.618Z
Reserved: 2017-05-21T00:00:00.000Z
Link: CVE-2014-9970
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2017-05-21T18:29:00.173
Modified: 2025-04-20T01:37:25.860
Link: CVE-2014-9970
Redhat
OpenCVE Enrichment
No data.