Jetty » Jetty Http Server : Security Vulnerabilities, CVEs, Published In 2007
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
Max CVSS
6.8
EPSS Score
14.16%
Published
2007-02-07
Updated
2018-10-16
1 vulnerabilities found