
{
"id": "CVE-2006-6969",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-02-07T11:28:00.000",
"lastModified": "2024-11-21T00:24:04.550",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks."
},
{
"lang": "es",
"value": "Jetty anterior al 4.2.27, 5.1 anterior al 5.1.12, 6.0 anterior al 6.0.2 y 6.1 anterior al 6.1.0pre3 genera identificadores de sesi\u00f3n predecibles utilizando java.util.Random, lo que hace m\u00e1s f\u00e1cil para atacantes remotos el adivinar los identificadores de sesiones utilizando ataques de fuerza bruta, evitar los requisitos de autenticaci\u00f3n y, posiblemente, llevar a cabo ataques de falsificaci\u00f3n de petici\u00f3n en sitios cruzados."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"baseScore": 6.8,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": true,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "09FD2684-87CF-4B4D-B3D1-7DE43609D2E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B82462AC-665D-41C0-B198-AA52784DF4C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6B21ED45-9C48-4547-BDCE-7EB12B03AAEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BA62A170-2544-4D3D-8E22-21F35D2E9944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F5EF68-A6FC-4FD7-8C36-4A8623C60622"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "858FCD10-5B40-4EA8-BA16-081EFC734695"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "01A293F8-45D0-46F3-93C3-A09542628FE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:4.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "238E835C-8C44-4514-A320-E7294683C5A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:5.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "DBDF1C6A-C804-4F51-BFF6-ECB4584E4DDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED02F5B-3F98-4603-B51B-DC5F7C81291C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetty:jetty_http_server:6.1.0_pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "F734C638-26EB-426E-8505-798F2DC526AF"
}
]
}
]
}
],
"references": [
{
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html",
"source": "cve@mitre.org"
},
{
"url": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274",
"source": "cve@mitre.org"
},
{
"url": "http://osvdb.org/33108",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/24070",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/459164/100/0/threaded",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/22405",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2007/0497",
"source": "cve@mitre.org"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32240",
"source": "cve@mitre.org"
},
{
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://osvdb.org/33108",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://secunia.com/advisories/24070",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/archive/1/459164/100/0/threaded",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/22405",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2007/0497",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32240",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}