CVE-2006-6969

Published Feb 7, 2007

Last updated 6 years ago

CVSS info 6.8

Overview

Description: Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09FD2684-87CF-4B4D-B3D1-7DE43609D2E3"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B82462AC-665D-41C0-B198-AA52784DF4C3"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B21ED45-9C48-4547-BDCE-7EB12B03AAEE"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA62A170-2544-4D3D-8E22-21F35D2E9944"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0F5EF68-A6FC-4FD7-8C36-4A8623C60622"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "858FCD10-5B40-4EA8-BA16-081EFC734695"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01A293F8-45D0-46F3-93C3-A09542628FE0"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "238E835C-8C44-4514-A320-E7294683C5A0"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:5.1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBDF1C6A-C804-4F51-BFF6-ECB4584E4DDB"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0ED02F5B-3F98-4603-B51B-DC5F7C81291C"
          },
          {
            "criteria": "cpe:2.3:a:jetty:jetty_http_server:6.1.0_pre2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F734C638-26EB-426E-8505-798F2DC526AF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References