In Eclipse Jetty versions 9.4.0 up to and including 9.4.8, when using the optional Jetty-provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
Vulnerable Product |
---|
eclipse jetty |
netapp e-series santricity management plug-ins - |
netapp e-series santricity os controller |
netapp e-series santricity web services proxy - |
netapp element software - |
netapp hyper converged infrastructure - |
netapp oncommand system manager |
netapp oncommand unified manager - |
netapp santricity cloud connector - |
netapp snap creator framework - |
netapp snapcenter - |
netapp snapmanager - |