Vulnerabilities > CVE-2006-6969 - Unspecified vulnerability in Jetty Http Server

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

jetty

NVD

Published: 2007-02-07

Updated: 2018-10-16

Summary

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.

Vulnerable Configurations

Part	Description	Count
Application	Jetty Jetty Jetty Http Server 4.2.9 Jetty Jetty Http Server 4.2.11 Jetty Jetty Http Server 4.2.12 Jetty Jetty Http Server 4.2.14 Jetty Jetty Http Server 4.2.15 Jetty Jetty Http Server 4.2.16 Jetty Jetty Http Server 4.2.17 Jetty Jetty Http Server 4.2.18 Jetty Jetty Http Server 4.2.19 Jetty Jetty Http Server 4.2.24 Jetty Jetty Http Server 5.1.11 Jetty Jetty Http Server 6.0.1 Jetty Jetty Http Server 6.1.0_Pre2	13

Summary

Vulnerable Configurations

References