Web Servers : Eclipse Jetty Session Vulnerability (GHSA-m6cp-vxjx-65j6)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.146165

Categoría: Web Servers

Título: Eclipse Jetty Session Vulnerability (GHSA-m6cp-vxjx-65j6) - Windows

Resumen: Eclipse Jetty is prone to a vulnerability in the session; management.

Descripción: Summary:
Eclipse Jetty is prone to a vulnerability in the session
management.

Vulnerability Insight:
If an exception is thrown from the SessionListener#sessionDestroyed()
method, then the session ID is not invalidated in the session ID manager. On deployments with
clustered sessions and multiple contexts this can result in a session not being invalidated. This
can result in an application used on a shared computer being left logged in.

Affected Software/OS:
Eclipse Jetty version 9.4.40.v20210413 and prior, 10.x through
10.0.2 and 11.x through 11.0.2.

Solution:
Update to version 9.4.41.v20210516, 10.0.3, 11.0.3 or later.

CVSS Score:
3.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-34428
https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
https://security.netapp.com/advisory/ntap-20210813-0003/
Debian Security Information: DSA-4949 (Google Search)
https://www.debian.org/security/2021/dsa-4949
https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E

Copyright Copyright (C) 2021 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.146165
Categoría:	Web Servers
Título:	Eclipse Jetty Session Vulnerability (GHSA-m6cp-vxjx-65j6) - Windows
Resumen:	Eclipse Jetty is prone to a vulnerability in the session; management.
Descripción:	Summary: Eclipse Jetty is prone to a vulnerability in the session management. Vulnerability Insight: If an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. Affected Software/OS: Eclipse Jetty version 9.4.40.v20210413 and prior, 10.x through 10.0.2 and 11.x through 11.0.2. Solution: Update to version 9.4.41.v20210516, 10.0.3, 11.0.3 or later. CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-34428 https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6 https://security.netapp.com/advisory/ntap-20210813-0003/ Debian Security Information: DSA-4949 (Google Search) https://www.debian.org/security/2021/dsa-4949 https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
Copyright	Copyright (C) 2021 Greenbone AG