CVE-2018-12538
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.List of 2,567 websites affected by CVE-2018-12538
The domain names are hidden due to the sensitivity of the data. Please click on the "Contact us" button above to get more information.
| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.rocks |  Netherlands | **,*** | |
| ******.***.***.br |  Brazil | **,*** | |
| *********.se |  Sweden | **,*** | |
| *******.org |  United States | **,*** | |
| ***.***.at |  Austria | **,*** | |
| **********.**.com | United States | **,*** | |
| *****.****.edu | United States | **,*** | |
| ***.**********.edu | United States | **,*** | |
| ******.***.es |  Spain | ***,*** | |
| ******.com |  Finland | ***,*** | |
| ***.***.at | Austria | ***,*** | |
| *******.de |  Germany | ***,*** | |
| **************.********.edu | United States | ***,*** | |
| ****.**.uk |  GB | ***,*** | |
| **********.******.com | Germany | ***,*** | |
| *******.org | United States | ***,*** | |
| *******.exposed | Netherlands | ***,*** | |
| ******.***.at | Austria | ***,*** | |
| ***********.**********.com | United States | ***,*** | |
| ***********.exposed | Netherlands | ***,*** |