[Secure-testing-commits] r5779 - data/CVE
Florian Weimer
fw at alioth.debian.org
Fri May 4 16:42:34 UTC 2007
Author: fw
Date: 2007-05-04 16:42:29 +0000 (Fri, 04 May 2007)
New Revision: 5779
Modified:
data/CVE/list
Log:
rerate tomcat SSO issue; the affected feature is relatively obscure
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-04 16:41:14 UTC (rev 5778)
+++ data/CVE/list 2007-05-04 16:42:29 UTC (rev 5779)
@@ -121,8 +121,8 @@
CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
TODO: check
CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies]
- - tomcat5 <unfixed> (medium)
- - tomcat5.5 <unfixed> (medium)
+ - tomcat5 <unfixed> (low)
+ - tomcat5.5 <unfixed> (low)
NOTE: SSO cookies sent over secure connections do not require
NOTE: secure connections, possibly defeating HTTPS encryption.
NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
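Review bot: The change from (medium) to (low) on the tomcat5 and tomcat5.5 lines leaves the justification only in the commit log ("the affected feature is relatively obscure"); the entry's NOTE lines still describe the issue without saying why it is rated low. Suggest adding a NOTE line under the entry recording that the rating reflects how rarely the SSO feature is used, so the severity can be understood from data/CVE/list alone. The first NOTE ("SSO cookies sent over secure connections do not require secure connections") also reads circularly; rewording it to say the cookie is not restricted to secure connections would match the entry title.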