For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
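One defensive pattern for application code running on the affected versions, shown here as an added example that is not from this advisory or the Jetty project: a wrapper that catches anything thrown by the application's own `sessionDestroyed()` so the exception described above never propagates into the container. The class name `NonThrowingSessionListener` is hypothetical, and the code assumes the `javax.servlet` API used by Jetty 9.4 and 10.

```java
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 * Added example (hypothetical class): delegates to the application's real
 * HttpSessionListener, but guarantees that sessionDestroyed() returns
 * normally so the container can finish invalidating the session ID.
 * On Jetty 11 the same interfaces live in jakarta.servlet.http.
 */
public final class NonThrowingSessionListener implements HttpSessionListener {

    private static final Logger LOG =
            Logger.getLogger(NonThrowingSessionListener.class.getName());

    private final HttpSessionListener delegate;

    public NonThrowingSessionListener(HttpSessionListener delegate) {
        this.delegate = Objects.requireNonNull(delegate, "delegate");
    }

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        // Creation is not part of the flaw described above; pass it through.
        delegate.sessionCreated(event);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        try {
            delegate.sessionDestroyed(event);
        } catch (Throwable t) {
            // Swallow and record: a failed cleanup hook must not stop the
            // session ID from being invalidated. The session ID itself is
            // deliberately kept out of the log message.
            LOG.log(Level.SEVERE,
                    "sessionDestroyed() cleanup failed; invalidation continues", t);
        }
    }
}
```

Register the wrapper in place of the original listener, for example with `ServletContext#addListener(new NonThrowingSessionListener(originalListener))` during context initialization. This only hardens application code; moving to a Jetty release later than the versions listed above is what removes the flaw itself.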
| Vulnerable Product |
|---|
| eclipse jetty |
| debian debian linux 10.0 |
| netapp active iq unified manager - |
| netapp e-series santricity os controller |
| netapp e-series santricity web services - |
| netapp element plug-in for vcenter server - |
| netapp santricity cloud connector - |
| netapp snap creator framework - |
| netapp snapmanager - |
| oracle autovue for agile product lifecycle management 21.0.2 |
| oracle communications element manager 8.2.2 |
| oracle communications services gatekeeper 7.0 |
| oracle communications session report manager |
| oracle communications session route manager |
| oracle rest data services |
| oracle siebel core - automation |