CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jetty: >> Jetty Http Server >> 5.1.11 Security Vulnerabilities

CVE-2006-6969

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.

CVSS Score

6.8

EPSS Score

0.006

Published

2007-02-07

Page 1

Vulnerabilities

Vulnerable Software

Jetty: >> Jetty Http Server >> 5.1.11 Security Vulnerabilities

Products

Pricing

Contact Us