CVE-2006-6969 - Unspecified vulnerability in Jetty Http Server
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN
Summary
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random, which makes it easier for remote attackers to guess a session identifier through brute-force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
Vulnerable Configurations
References
- http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html
- http://fisheye.codehaus.org/changelog/jetty/?cs=1274
- http://osvdb.org/33108
- http://secunia.com/advisories/24070
- http://www.securityfocus.com/archive/1/459164/100/0/threaded
- http://www.securityfocus.com/bid/22405
- http://www.vupen.com/english/advisories/2007/0497
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32240