Session Identifier Vulnerability in Jetty by Eclipse Foundation
CVE-2006-6969

Currently unrated

Key Information:

Vendor: Jetty

CVE Published: 7 February 2007

What is CVE-2006-6969?

Prior versions of Jetty generate session identifiers using java.util.Random, which makes them predictable and vulnerable to brute-force attacks. This flaw enables remote attackers to easily guess session identifiers and thereby bypass authentication, and it potentially opens pathways for cross-site request forgery attacks.
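
The contrast described above, as an added example that is not taken from this advisory or from Jetty's code base: a session-ID generator built on java.util.Random, whose output stream is fixed entirely by its 48-bit seed, beside one built on java.security.SecureRandom. The class name, method names and seed value are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

public class SessionIdDemo {

    // Weak pattern (illustrative, not Jetty's actual code): java.util.Random is a
    // linear congruential generator with 48 bits of state, so every ID it will
    // ever produce is determined by the seed it started from.
    static String weakSessionId(Random rng) {
        return Long.toUnsignedString(rng.nextLong(), 36);
    }

    // One shared CSPRNG instance; SecureRandom is thread-safe.
    private static final SecureRandom CSPRNG = new SecureRandom();

    // Hardened pattern: 128 bits from a CSPRNG, URL-safe encoding for cookie use.
    static String strongSessionId() {
        byte[] raw = new byte[16];
        CSPRNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    public static void main(String[] args) {
        // Constructed sample seed (assumption): a low-entropy value such as a
        // millisecond timestamp, which is how Random is often seeded.
        long seed = 1170806400000L;
        Random server = new Random(seed);
        Random replica = new Random(seed); // independent generator, same seed

        boolean allMatch = true;
        for (int i = 0; i < 5; i++) {
            String issued = weakSessionId(server);
            String reproduced = weakSessionId(replica);
            allMatch &= issued.equals(reproduced);
            System.out.printf("weak   issued=%s reproduced=%s%n", issued, reproduced);
        }
        System.out.println("weak IDs fully reproduced from seed: " + allMatch);

        // SecureRandom output does not depend on a guessable seed, and each
        // ID carries 128 bits of entropy.
        for (int i = 0; i < 5; i++) {
            System.out.println("strong issued=" + strongSessionId());
        }
    }
}
```

When auditing a code base for this class of flaw, search for `new Random(` and `Math.random()` near session, token or nonce generation and replace them with a `SecureRandom`-backed source.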
