CVE-2006-6969
 
Descriptions
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
Timeline
- 2007-02-07 CVE Reserved
- 2007-02-07 CVE Published
- 2024-04-04 EPSS Updated
- 2024-08-07 CVE Updated
References (8)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html | Mailing List | |
http://fisheye.codehaus.org/changelog/jetty/?cs=1274 | X_refsource_confirm | |
http://osvdb.org/33108 | Vdb Entry | |
http://www.securityfocus.com/archive/1/459164/100/0/threaded | Mailing List | |
http://www.vupen.com/english/advisories/2007/0497 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32240 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/24070 | 2018-10-16 | |
http://www.securityfocus.com/bid/22405 | 2018-10-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Jetty | Jetty Http Server | 4.2.9 | - | Affected |
Jetty | Jetty Http Server | 4.2.11 | - | Affected |
Jetty | Jetty Http Server | 4.2.12 | - | Affected |
Jetty | Jetty Http Server | 4.2.14 | - | Affected |
Jetty | Jetty Http Server | 4.2.15 | - | Affected |
Jetty | Jetty Http Server | 4.2.16 | - | Affected |
Jetty | Jetty Http Server | 4.2.17 | - | Affected |
Jetty | Jetty Http Server | 4.2.18 | - | Affected |
Jetty | Jetty Http Server | 4.2.19 | - | Affected |
Jetty | Jetty Http Server | 4.2.24 | - | Affected |
Jetty | Jetty Http Server | 5.1.11 | - | Affected |
Jetty | Jetty Http Server | 6.0.1 | - | Affected |
Jetty | Jetty Http Server | 6.1.0_pre2 | - | Affected |