6.8

CVE-2006-6969

EPSS 0.67%
Published 07.02.2007 11:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Jetty ≫ Jetty Http Server Version4.2.9

Jetty ≫ Jetty Http Server Version4.2.11

Jetty ≫ Jetty Http Server Version4.2.12

Jetty ≫ Jetty Http Server Version4.2.14

Jetty ≫ Jetty Http Server Version4.2.15

Jetty ≫ Jetty Http Server Version4.2.16

Jetty ≫ Jetty Http Server Version4.2.17

Jetty ≫ Jetty Http Server Version4.2.18

Jetty ≫ Jetty Http Server Version4.2.19

Jetty ≫ Jetty Http Server Version4.2.24

Jetty ≫ Jetty Http Server Version5.1.11

Jetty ≫ Jetty Http Server Version6.0.1

Jetty ≫ Jetty Http Server Version6.1.0_pre2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.67%	0.704

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html

http://fisheye.codehaus.org/changelog/jetty/?cs=1274

http://osvdb.org/33108

http://secunia.com/advisories/24070

Vendor Advisory

http://www.securityfocus.com/archive/1/459164/100/0/threaded

http://www.securityfocus.com/bid/22405

Vendor Advisory

http://www.vupen.com/english/advisories/2007/0497

https://exchange.xforce.ibmcloud.com/vulnerabilities/32240

https://nvd.nist.gov/vuln/detail/CVE-2006-6969

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6969

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6969

EUVD