Author: nion Date: 2007-10-07 14:24:21 +0000 (Sun, 07 Oct 2007) New Revision: 6855 Modified: data/CVE/list Log: missing https enforcement for sso cookies in tomcat fixed in 5.5.23-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-07 14:17:40 UTC (rev 6854) +++ data/CVE/list 2007-10-07 14:24:21 UTC (rev 6855) @@ -6522,7 +6522,7 @@ CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...) NOT-FOR-US: Burak Yilmaz Blog CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies] - - tomcat5 <unfixed> (low) + - tomcat5 5.5.23-1 (low) - tomcat5.5 <unfixed> (low) NOTE: SSO cookies sent over secure connections do not require NOTE: secure connections, possibly defeating HTTPS encryption.
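Review bot: The fixed version 5.5.23-1 is recorded on the `- tomcat5` line, while the `- tomcat5.5 <unfixed> (low)` line directly below it is left unchanged. The version string reads like a 5.5-series upload, and the log message only says "tomcat", so please confirm which source package actually carries the fix. If the edit was meant for the tomcat5.5 entry, move the version there and restore `<unfixed>` on tomcat5; if both packages are fixed, update both lines. As committed, the tracker will keep reporting tomcat5.5 as vulnerable to the SSO cookie issue.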