CVSS: 8.8 • EPSS: 0% • CPEs: 13 • EXPL: 0

07 Feb 2007 — Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks. • http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html