In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HEclipse Jetty
APPEclipse9.4.0 – 9.4.8Netapp Element Software
APPNetappwszystkie wersjeNetapp E Series Santricity Management Plug Ins
APPNetappwszystkie wersjeNetapp E Series Santricity Os Controller
APPNetapp11.0 – 11.40Netapp E Series Santricity Web Services Proxy
APPNetappwszystkie wersjeNetapp Hyper Converged Infrastructure
APPNetappwszystkie wersjeNetapp Oncommand System Manager
APPNetapp3.0.0 – 3.1.3Netapp Oncommand Unified Manager
APPNetappwszystkie wersjeNetapp Santricity Cloud Connector
APPNetappwszystkie wersjeNetapp Snapcenter
APPNetappwszystkie wersjeNetapp Snap Creator Framework
APPNetappwszystkie wersjeNetapp Snapmanager
APPNetappwszystkie wersje
Related vulnerabilities
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a ...
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache To...
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5....
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...