A jetty8 update has been released for Debian 7 LTS
Package : jetty8Jetty8 security update for Debian 7 LTS
Version : 8.1.3-4+deb7u1
CVE ID : CVE-2017-9735
Debian Bug : 864898
It was discovered that Jetty8, a Java servlet engine and webserver, was
vulnerable to a timing attack which might reveal cryptographic
credentials such as passwords to a local user.
For Debian 7 "Wheezy", these problems have been fixed in version
8.1.3-4+deb7u1.
We recommend that you upgrade your jetty8 packages.