CVE-2006-6969
Jetty (versions: before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, 6.1 before 6.1.0pre3) uses java.util.Random to generate session IDs. This leads to predictable session identifiers that remote attackers could brute-force to guess sessions, potentially bypass authentication and enable cross-sit...