Advisory ID : FrSIRT/ADV-2007-0497

Jetty Insecure Random Number Generation and Session ID Prediction Vulnerability

Reference: http://www.frsirt.com/english/advisories/2007/0497

Technical Description:

A vulnerability has been identified in Jetty, which could be exploited by remote attackers to bypass security restrictions. This issue is due to a design error where session identifiers generated via the "java.util.Random" class are easily predictable, which could be exploited by remote attackers to hijack a user's session and gain unauthorized access to a vulnerable application.

thanks,

-- 
Tiago Bortoletto Vaz
SaferNet Brasil
http://www.safernet.org.br
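
The weakness class named in the advisory, as an added Java illustration that is not part of the original message and is not Jetty's code (class and method names are hypothetical, and the seed is a constructed sample). It puts an ID generator built on `java.util.Random`, whose output is fully determined by its seed, beside one built on `java.security.SecureRandom`.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

// Added illustration; names are hypothetical and this is not Jetty's code.
public class SessionIdDemo {

    // Weak pattern: java.util.Random is a linear congruential generator with
    // 48 bits of internal state, so every ID is a pure function of the seed.
    static String weakId(Random rng) {
        return Long.toUnsignedString(rng.nextLong(), 36);
    }

    // Hardened pattern: one shared CSPRNG instance for the application.
    private static final SecureRandom CSPRNG = new SecureRandom();

    // 128 bits from the CSPRNG, URL-safe encoded so it can go in a cookie.
    static String strongId() {
        byte[] buf = new byte[16];
        CSPRNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        long seed = 1170790000000L; // constructed sample seed (a millisecond timestamp)
        Random serverRng = new Random(seed);
        Random secondRng = new Random(seed);

        // Two generators with the same seed emit identical "session IDs":
        // the sequence holds no secret beyond the generator state.
        for (int i = 0; i < 3; i++) {
            String a = weakId(serverRng);
            String b = weakId(secondRng);
            System.out.println("weak   " + a + "  reproduced=" + a.equals(b));
        }

        // SecureRandom output is not reproducible from a guessable seed.
        for (int i = 0; i < 3; i++) {
            System.out.println("strong " + strongId());
        }
    }
}
```

When auditing an application for this pattern, search for `new Random(` and `Math.random()` on any code path that produces session IDs, tokens, or password-reset values.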

