GHSA-jg2x-r643-w2ch, CVE-2006-6969
maven/org.eclipse.jetty/jetty-server
Jetty Uses Predictable Session Identifiers
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
All versions before 4.2.27, all versions starting from 5.1.0 before 5.1.12, all versions starting from 6.0.0 before 6.0.2, all versions starting from 6.1.0pre1 before 6.1.0pre3
Upgrade to versions 4.2.27, 5.1.12, 6.0.2, 6.1.0pre3 or above.
2024-02-13
source |