6.8

CVE-2006-6969

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JettyJetty Http Server Version4.2.9
JettyJetty Http Server Version4.2.11
JettyJetty Http Server Version4.2.12
JettyJetty Http Server Version4.2.14
JettyJetty Http Server Version4.2.15
JettyJetty Http Server Version4.2.16
JettyJetty Http Server Version4.2.17
JettyJetty Http Server Version4.2.18
JettyJetty Http Server Version4.2.19
JettyJetty Http Server Version4.2.24
JettyJetty Http Server Version5.1.11
JettyJetty Http Server Version6.0.1
JettyJetty Http Server Version6.1.0_pre2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.56% 0.72
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html
http://fisheye.codehaus.org/changelog/jetty/?cs=1274
http://osvdb.org/33108
http://secunia.com/advisories/24070
Vendor Advisory
http://www.securityfocus.com/archive/1/459164/100/0/threaded
http://www.securityfocus.com/bid/22405
Vendor Advisory
http://www.vupen.com/english/advisories/2007/0497
https://exchange.xforce.ibmcloud.com/vulnerabilities/32240