Jetty prior to 4.2.27, 5.1 prior to 5.1.12, 6.0 prior to 6.0.2, and 6.1 prior to 6.1.0pre3 generates predictable session identifiers using java.util.Random, which makes it easier for remote malicious users to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
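
The weakness described above, as an added Java example (not Jetty's own code; the class name, method names and seed value are hypothetical): an identifier drawn from java.util.Random is fully determined by the generator's state, while the hardened variant draws 128 bits from java.security.SecureRandom.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

// Added illustration; names are hypothetical and this is not Jetty's code.
public class SessionIdDemo {

    // Weak pattern: java.util.Random is a 48-bit linear congruential generator,
    // so every ID it emits is a deterministic function of its internal state.
    static String weakSessionId(Random rng) {
        return Long.toUnsignedString(rng.nextLong(), 36);
    }

    private static final SecureRandom CSPRNG = new SecureRandom();

    // Hardened pattern: 128 bits from a CSPRNG, URL-safe encoded for a cookie value.
    static String strongSessionId() {
        byte[] raw = new byte[16];
        CSPRNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    public static void main(String[] args) {
        long seed = 1234567890L; // constructed seed value for the demonstration
        Random serverRng = new Random(seed);
        Random replica = new Random(seed);

        // Same state in, same "session IDs" out: the sequence holds no secret
        // beyond the generator state.
        for (int i = 0; i < 3; i++) {
            String issued = weakSessionId(serverRng);
            String replayed = weakSessionId(replica);
            System.out.printf("weak   %-14s reproduced=%b%n", issued, issued.equals(replayed));
        }

        // SecureRandom output cannot be regenerated from a guessable seed.
        for (int i = 0; i < 3; i++) {
            System.out.println("strong " + strongSessionId());
        }
    }
}
```
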
Vulnerable Product |
---|
jetty jetty http server 4.2.18 |
jetty jetty http server 4.2.19 |
jetty jetty http server 4.2.12 |
jetty jetty http server 4.2.14 |
jetty jetty http server 5.1.11 |
jetty jetty http server 6.0.1 |
jetty jetty http server 4.2.15 |
jetty jetty http server 4.2.16 |
jetty jetty http server 4.2.17 |
jetty jetty http server 6.1.0_pre2 |
jetty jetty http server 4.2.11 |
jetty jetty http server 4.2.24 |
jetty jetty http server 4.2.9 |