Author: fw Date: 2007-05-03 19:30:54 +0000 (Thu, 03 May 2007) New Revision: 5775 Modified: data/CVE/list Log: tomcat5/tomcat5.5 issue involving insecure SSO cookies Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-03 00:41:26 UTC (rev 5774) +++ data/CVE/list 2007-05-03 19:30:54 UTC (rev 5775) @@ -1,3 +1,9 @@ +CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies] + - tomcat5 <unfixed> (medium) + - tomcat5.5 <unfixed> (medium) + NOTE: SSO cookies sent over secure connections do not require + NOTE: secure connections, possibly defeating HTTPS encryption. + NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217 CVE-2007-2419 RESERVED CVE-2007-2418
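Review bot: The two added NOTE lines in the new CVE-2007-XXXX entry are circular ("SSO cookies sent over secure connections do not require secure connections") and leave the reader to guess what is actually exposed. Going by the entry title, the point is that an SSO cookie issued over HTTPS is not restricted to HTTPS afterwards, so consider wording such as "NOTE: SSO cookies issued over HTTPS are not restricted to HTTPS and may later be sent over plain HTTP". It would also help to say whether "possibly" reflects an unconfirmed report or a dependency on deployment, since both packages are already marked "<unfixed> (medium)" and the only supporting reference is the upstream Bugzilla link.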