GHSA-jg2x-r643-w2ch

Source
https://github.com/advisories/GHSA-jg2x-r643-w2ch
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jg2x-r643-w2ch/GHSA-jg2x-r643-w2ch.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jg2x-r643-w2ch
Aliases
  • CVE-2006-6969
Published
2022-05-01T07:43:29Z
Modified
2024-02-12T16:41:58.146447Z
Summary
Jetty Uses Predictable Session Identifiers
Details

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random, which makes it easier for remote attackers to guess a session identifier through brute-force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.

Database specific
{
    "nvd_published_at": "2007-02-07T11:28:00Z",
    "cwe_ids": [
        "CWE-330"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-12T16:20:55Z"
}
References

Affected packages

Maven / org.eclipse.jetty:jetty-server

Package

Name
org.eclipse.jetty:jetty-server
Purl
pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
4.2.27

Maven / org.eclipse.jetty:jetty-server

Package

Name
org.eclipse.jetty:jetty-server
Purl
pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.1.0
Fixed
5.1.12

Maven / org.eclipse.jetty:jetty-server

Package

Name
org.eclipse.jetty:jetty-server
Purl
pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.0.2

Maven / org.eclipse.jetty:jetty-server

Package

Name
org.eclipse.jetty:jetty-server
Purl
pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.1.0pre1
Fixed
6.1.0pre3