Package: jetty Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for jetty.
CVE-2006-6969[0]: | Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 | before 6.1.0pre3 generates predictable session identifiers using | java.util.random, which makes it easier for remote attackers to guess | a session identifier through brute force attacks, bypass | authentication requirements, and possibly conduct cross-site request | forgery attacks. If you fix this vulnerability please also include the CVE id in your changelog entry. This vulnerability has been verified in the Debian versions by the upstream. I am currently waiting to get a patch for this. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6969 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpMMnfOaT1NB.pgp
Description: PGP signature
_______________________________________________ pkg-java-maintainers mailing list pkg-java-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
