[Secure-testing-commits] r5775 - data/CVE
Florian Weimer
fw at alioth.debian.org
Thu May 3 19:30:59 UTC 2007
Author: fw
Date: 2007-05-03 19:30:54 +0000 (Thu, 03 May 2007)
New Revision: 5775
Modified:
data/CVE/list
Log:
tomcat5/tomcat5.5 issue involving insecure SSO cookies
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-03 00:41:26 UTC (rev 5774)
+++ data/CVE/list 2007-05-03 19:30:54 UTC (rev 5775)
@@ -1,3 +1,9 @@
+CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies]
+ - tomcat5 <unfixed> (medium)
+ - tomcat5.5 <unfixed> (medium)
+ NOTE: SSO cookies sent over secure connections do not require
+ NOTE: secure connections, possibly defeating HTTPS encryption.
+ NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
CVE-2007-2419
RESERVED
CVE-2007-2418
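Review bot: The two NOTE lines in the new CVE-2007-XXXX entry are circular ("SSO cookies sent over secure connections do not require secure connections"), so a reader cannot tell what is left unprotected without opening the linked bug. Consider wording that follows the entry title, for example "NOTE: SSO cookies set over HTTPS are not restricted to HTTPS connections," and keep the "possibly defeating HTTPS encryption" clause as the stated impact. Both package lines are marked <unfixed> with only the upstream Bugzilla link as a reference, so the NOTE text is the only description a tracker reader sees.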