5 matches found
jetty: SessionListener can prevent a session from being invalidated breaking logout
A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being...
jetty: SessionListener can prevent a session from being invalidated breaking logout
A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being...
DEBIAN-CVE-2021-34428
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being...
UBUNTU-CVE-2021-34428
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being...
PT-2021-3392 · Eclipse +2 · Eclipse Jetty +2
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions = 9.4.40 Eclipse Jetty versions = 10.0.2 Eclipse Jetty versions = 11.0.2 Description: The issue is related to the SessionListenersessionDestroyed method, where if an exception is thrown, the session ID is not invalidate...