VYPR
High severity8.8NVD Advisory· Published Jun 22, 2018· Updated Jun 17, 2026

CVE-2018-12538

CVE-2018-12538

Description

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.eclipse.jetty:jetty-serverMaven
>= 9.4.0, < 9.4.11.v201806059.4.11.v20180605

Affected products

2

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.