Vulnerability Description
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jetty | Jetty Http Server | 4.2.9 |
References
- http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html
- http://fisheye.codehaus.org/changelog/jetty/?cs=1274
- http://osvdb.org/33108
- http://secunia.com/advisories/24070Vendor Advisory
- http://www.securityfocus.com/archive/1/459164/100/0/threaded
- http://www.securityfocus.com/bid/22405Vendor Advisory
- http://www.vupen.com/english/advisories/2007/0497
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32240
- http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html
- http://fisheye.codehaus.org/changelog/jetty/?cs=1274
- http://osvdb.org/33108
- http://secunia.com/advisories/24070Vendor Advisory
- http://www.securityfocus.com/archive/1/459164/100/0/threaded
- http://www.securityfocus.com/bid/22405Vendor Advisory
- http://www.vupen.com/english/advisories/2007/0497
FAQ
What is CVE-2006-6969?
CVE-2006-6969 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess...
How severe is CVE-2006-6969?
CVE-2006-6969 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6969?
Check the references section above for vendor advisories and patch information. Affected products include: Jetty Jetty Http Server.