Skip to main content

CWE-6

J2EE Misconfiguration: Insufficient Session-ID Length

1 CVEs Avg CVSS 8.8 MITRE
0
CRITICAL
1
HIGH
0
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2018-12538 Maven HIGH PATCH This Week

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jetty E Series Santricity Management Plug Ins E Series Santricity Os Controller E Series Santricity Web Services Proxy +8
NVD
CVSS 3.0
8.8
EPSS
2.7%
EPSS 3% CVSS 8.8
HIGH PATCH This Week

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jetty E Series Santricity Management Plug Ins +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy