Vulnerabilities > Eclipse > Jetty > 9.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-22 | CVE-2018-12538 | Session Fixation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. | 8.8 |
2017-06-16 | CVE-2017-9735 | Information Exposure Through Discrepancy vulnerability in multiple products Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. | 7.5 |