Description
In Eclipse Jetty versions 9.4.0 through 9.4.8, when the optional Jetty-provided FileSessionDataStore is used for persistent storage of HttpSession details, a malicious user can access or hijack other HttpSessions and even delete unmatched HttpSessions present in the file system storage used by the FileSessionDataStore.