In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 02:52
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-06-22 19:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-12538
Mitre link : CVE-2018-12538
CVE.ORG link : CVE-2018-12538
JSON object : View
Products Affected
netapp
- element_software
- e-series_santricity_os_controller
- e-series_santricity_web_services_proxy
- e-series_santricity_management_plug-ins
- oncommand_unified_manager
- hyper_converged_infrastructure
- santricity_cloud_connector
- oncommand_system_manager
- snap_creator_framework
- snapmanager
- snapcenter
eclipse
- jetty