Author: fw Date: 2007-05-04 16:42:29 +0000 (Fri, 04 May 2007) New Revision: 5779 Modified: data/CVE/list Log: rerate tomcat SSO issue; the affected feature is relatively obscure Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-04 16:41:14 UTC (rev 5778) +++ data/CVE/list 2007-05-04 16:42:29 UTC (rev 5779) @@ -121,8 +121,8 @@ CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...) TODO: check CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies] - - tomcat5 <unfixed> (medium) - - tomcat5.5 <unfixed> (medium) + - tomcat5 <unfixed> (low) + - tomcat5.5 <unfixed> (low) NOTE: SSO cookies sent over secure connections do not require NOTE: secure connections, possibly defeating HTTPS encryption. NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
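Review bot: The reason for lowering the tomcat5 and tomcat5.5 lines from (medium) to (low) is recorded only in the commit log ("the affected feature is relatively obscure"), not in the entry itself. Someone reading data/CVE/list later sees a low rating next to NOTE lines that say the issue is "possibly defeating HTTPS encryption", with nothing to explain the gap. Consider adding a NOTE line under the existing ones stating that only setups using the SSO feature are affected and that this is why the urgency is low. The entry is also still filed under the CVE-2007-XXXX placeholder, so the bugzilla reference in the last NOTE is the only stable identifier for it. Keeping the rationale beside that reference would make the rating easier to revisit if an id is assigned.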