cve-2006-6969
Vulnerability from cvelistv5
Published
2007-02-07 11:00
Modified
2024-08-07 20:50
Severity ?
EPSS score ?
Summary
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:04.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24070",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24070"
},
{
"name": "ADV-2007-0497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0497"
},
{
"name": "jetty-sessionid-session-hijacking(32240)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32240"
},
{
"name": "33108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33108"
},
{
"name": "22405",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22405"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274"
},
{
"name": "20070206 Re: Jetty Session ID Prediction",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html"
},
{
"name": "20070205 Jetty Session ID Prediction",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459164/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24070",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24070"
},
{
"name": "ADV-2007-0497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0497"
},
{
"name": "jetty-sessionid-session-hijacking(32240)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32240"
},
{
"name": "33108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33108"
},
{
"name": "22405",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22405"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274"
},
{
"name": "20070206 Re: Jetty Session ID Prediction",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html"
},
{
"name": "20070205 Jetty Session ID Prediction",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459164/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24070"
},
{
"name": "ADV-2007-0497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0497"
},
{
"name": "jetty-sessionid-session-hijacking(32240)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32240"
},
{
"name": "33108",
"refsource": "OSVDB",
"url": "http://osvdb.org/33108"
},
{
"name": "22405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22405"
},
{
"name": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274",
"refsource": "CONFIRM",
"url": "http://fisheye.codehaus.org/changelog/jetty/?cs=1274"
},
{
"name": "20070206 Re: Jetty Session ID Prediction",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html"
},
{
"name": "20070205 Jetty Session ID Prediction",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459164/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6969",
"datePublished": "2007-02-07T11:00:00",
"dateReserved": "2007-02-07T00:00:00",
"dateUpdated": "2024-08-07T20:50:04.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09FD2684-87CF-4B4D-B3D1-7DE43609D2E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B82462AC-665D-41C0-B198-AA52784DF4C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B21ED45-9C48-4547-BDCE-7EB12B03AAEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA62A170-2544-4D3D-8E22-21F35D2E9944\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0F5EF68-A6FC-4FD7-8C36-4A8623C60622\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"858FCD10-5B40-4EA8-BA16-081EFC734695\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01A293F8-45D0-46F3-93C3-A09542628FE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:4.2.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"238E835C-8C44-4514-A320-E7294683C5A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:5.1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBDF1C6A-C804-4F51-BFF6-ECB4584E4DDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0ED02F5B-3F98-4603-B51B-DC5F7C81291C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jetty:jetty_http_server:6.1.0_pre2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F734C638-26EB-426E-8505-798F2DC526AF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.\"}, {\"lang\": \"es\", \"value\": \"Jetty anterior al 4.2.27, 5.1 anterior al 5.1.12, 6.0 anterior al 6.0.2 y 6.1 anterior al 6.1.0pre3 genera identificadores de sesi\\u00f3n predecibles utilizando java.util.random, lo que hace m\\u00e1s f\\u00e1cil para atacantes remotos el adivinar los identificadores de sesiones utilizando ataques de fuerza bruta y, posiblemente, llevar a cabo ataques de falsificaci\\u00f3n de petici\\u00f3n en sitios cruzados.\"}]",
"id": "CVE-2006-6969",
"lastModified": "2024-11-21T00:24:04.550",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
"published": "2007-02-07T11:28:00.000",
"references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://fisheye.codehaus.org/changelog/jetty/?cs=1274\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/33108\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/24070\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/459164/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/22405\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0497\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/32240\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://fisheye.codehaus.org/changelog/jetty/?cs=1274\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/33108\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/459164/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/22405\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0497\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/32240\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2006-6969\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-02-07T11:28:00.000\",\"lastModified\":\"2024-11-21T00:24:04.550\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.\"},{\"lang\":\"es\",\"value\":\"Jetty anterior al 4.2.27, 5.1 anterior al 5.1.12, 6.0 anterior al 6.0.2 y 6.1 anterior al 6.1.0pre3 genera identificadores de sesi\u00f3n predecibles utilizando java.util.random, lo que hace m\u00e1s f\u00e1cil para atacantes remotos el adivinar los identificadores de sesiones utilizando ataques de fuerza bruta y, posiblemente, llevar a cabo ataques de falsificaci\u00f3n de petici\u00f3n en sitios cruzados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09FD2684-87CF-4B4D-B3D1-7DE43609D2E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B82462AC-665D-41C0-B198-AA52784DF4C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B21ED45-9C48-4547-BDCE-7EB12B03AAEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA62A170-2544-4D3D-8E22-21F35D2E9944\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF5CEA1C-1EC7-49D7-9485-FA8773DA2D8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F68F8E1-BF3C-4C99-BE93-985BB8AD51FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0F5EF68-A6FC-4FD7-8C36-4A8623C60622\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"858FCD10-5B40-4EA8-BA16-081EFC734695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01A293F8-45D0-46F3-93C3-A09542628FE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:4.2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"238E835C-8C44-4514-A320-E7294683C5A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:5.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBDF1C6A-C804-4F51-BFF6-ECB4584E4DDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ED02F5B-3F98-4603-B51B-DC5F7C81291C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetty:jetty_http_server:6.1.0_pre2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F734C638-26EB-426E-8505-798F2DC526AF\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://fisheye.codehaus.org/changelog/jetty/?cs=1274\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/33108\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24070\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/459164/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22405\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0497\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/32240\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2007-02/0070.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://fisheye.codehaus.org/changelog/jetty/?cs=1274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/33108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/459164/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/32240\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.