Author: nion Date: 2007-10-07 15:07:22 +0000 (Sun, 07 Oct 2007) New Revision: 6856 Modified: data/CVE/list Log: tomcat5->tomcat5.5 Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-07 14:24:21 UTC (rev 6855) +++ data/CVE/list 2007-10-07 15:07:22 UTC (rev 6856) @@ -6522,8 +6522,8 @@ CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...) NOT-FOR-US: Burak Yilmaz Blog CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies] - - tomcat5 5.5.23-1 (low) - - tomcat5.5 <unfixed> (low) + - tomcat5 <unfixed> (low) + - tomcat5.5 5.5.23-1 (low) NOTE: SSO cookies sent over secure connections do not require NOTE: secure connections, possibly defeating HTTPS encryption. NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217