|Title:||Eclipse Jetty Session Vulnerability (GHSA-m6cp-vxjx-65j6) - Linux|
|Summary:||Eclipse Jetty is prone to a vulnerability in the session; management.|
Eclipse Jetty is prone to a vulnerability in the session
If an exception is thrown from the SessionListener#sessionDestroyed()
method, then the session ID is not invalidated in the session ID manager. On deployments with
clustered sessions and multiple contexts this can result in a session not being invalidated. This
can result in an application used on a shared computer being left logged in.
Eclipse Jetty version 9.4.40.v20210413 and prior, 10.x through
10.0.2 and 11.x through 11.0.2.
Update to version 9.4.41.v20210516, 10.0.3, 11.0.3 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2021-34428|
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.