Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6wmw-tne9-xbaz

Summary

Session Fixation
When using the optional Jetty provided `FileSessionDataStore` for persistent storage of `HttpSession` details, it is possible for a malicious user to access/hijack other `HttpSessions`.

Aliases

alias	CVE-2018-12538

alias	GHSA-mwcx-532g-8pq3

Fixed_packages

url	pkg:deb/debian/jetty9@0?distro=trixie
purl	pkg:deb/debian/jetty9@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@0%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/jetty9@9.4.58-2?distro=trixie
purl	pkg:deb/debian/jetty9@9.4.58-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-2%3Fdistro=trixie

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.11.v20180605

Affected_packages

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.0

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-f9tf-uebt-kqcy

vulnerability	VCID-hwnn-v58k-93hp

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-r7rk-5z6r-33a1

vulnerability	VCID-x5gr-c5yu-y3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.0

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20161208

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20161208

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20161208

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.0.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20170120

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20170120

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20170120

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.1.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20170220

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20170220

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20170220

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.2.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20170317

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.3.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20170414

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20170414

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20170414

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.4.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20170502

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20170502

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

vulnerability	VCID-x5gr-c5yu-y3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20170502

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.5.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20170531

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20170531

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20170531

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.6.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.RC0

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.RC0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.RC0

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20170914

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20170914

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20170914

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.7.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20171121

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20171121

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20171121

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.8.v20180619

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.9.v20180320

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.9.v20180320

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.9.v20180320

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC0

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC0

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC1

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.RC1

url pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.v20180503

purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.v20180503

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ceb-5aaj-zbfn

vulnerability	VCID-2p9t-s37z-b7ac

vulnerability	VCID-3k1u-qrwz-ubgu

vulnerability	VCID-3vps-uq7s-nfb7

vulnerability	VCID-6wmw-tne9-xbaz

vulnerability	VCID-9an6-1me1-97fc

vulnerability	VCID-9qyq-hht8-nqgz

vulnerability	VCID-bq5u-wuuv-m7au

vulnerability	VCID-emr9-k9h1-vkeb

vulnerability	VCID-f4kf-f8us-r7gn

vulnerability	VCID-gua7-n9ne-t3hk

vulnerability	VCID-jktf-sads-m7ca

vulnerability	VCID-k829-sb45-hba9

vulnerability	VCID-p2fr-edcy-47ct

vulnerability	VCID-r7rk-5z6r-33a1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.10.v20180503

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12538.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12538.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12538

reference_id

reference_type

scores

value	0.00515
scoring_system	epss
scoring_elements	0.6701
published_at	2026-06-07T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66977
published_at	2026-06-04T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.67026
published_at	2026-06-06T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.67017
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12538

reference_url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018

reference_url

https://github.com/advisories/GHSA-mwcx-532g-8pq3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-mwcx-532g-8pq3

reference_url	https://github.com/eclipse/jetty.project/commit/a0b8321ef452dddff9bc6c14e3ac0108239bfa2c
reference_id
reference_type
scores
url	https://github.com/eclipse/jetty.project/commit/a0b8321ef452dddff9bc6c14e3ac0108239bfa2c

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20181014-0001

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20181014-0001

reference_url	https://security.netapp.com/advisory/ntap-20181014-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20181014-0001/

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

http://www.securitytracker.com/id/1041194

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1041194

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1595453
reference_id	1595453
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1595453

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12538

reference_id

CVE-2018-12538

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12538

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	384
name	Session Fixation
description	Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	6
name	J2EE Misconfiguration: Insufficient Session-ID Length
description	The J2EE application is configured to use an insufficient session ID length.

cwe_id	287
name	Improper Authentication
description	When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Exploits

Severity_range_score 5.6 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wmw-tne9-xbaz

Vulnerability Instance