12 matches found
Unity Linux 20.1070e Security Update: jetty (UTSA-2026-017459)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017459 advisory. For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not...
Amazon Linux 2 : jetty (ALAS-2025-2855)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2855 advisory. For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On...
jetty: SessionListener can prevent a session from being invalidated breaking logout
A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being...
jetty: SessionListener can prevent a session from being invalidated breaking logout
A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being...
jetty: SessionListener can prevent a session from being invalidated breaking logout
A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being...
jetty: SessionListener can prevent a session from being invalidated breaking logout
A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being...
SessionListener can prevent a session from being invalidated breaking logout
Impact If an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application us...
DEBIAN-CVE-2021-34428
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being...
Session fixation
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being...
CVE-2021-34428
CVE-2021-34428 affects Eclipse Jetty up to 9.4.40, 10.0.2, and 11.0.2. The root cause is an exception in SessionListener#sessionDestroyed() that prevents the session ID from being invalidated in the session ID manager, which in clustered deployments can leave a user session active on a shared mac...
CVE-2021-34428
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being...
PT-2021-3392 · Eclipse +2 · Eclipse Jetty +2
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions = 9.4.40 Eclipse Jetty versions = 10.0.2 Eclipse Jetty versions = 11.0.2 Description: The issue is related to the SessionListenersessionDestroyed method, where if an exception is thrown, the session ID is not invalidate...