[Secure-testing-commits] r6855 - data/CVE
nion at alioth.debian.org
Sun Oct 7 14:24:22 UTC 2007
Author: nion
Date: 2007-10-07 14:24:21 +0000 (Sun, 07 Oct 2007)
New Revision: 6855
Modified:
data/CVE/list
Log:
missing https enforcement for sso cookies in tomcat fixed in 5.5.23-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-07 14:17:40 UTC (rev 6854)
+++ data/CVE/list 2007-10-07 14:24:21 UTC (rev 6855)
@@ -6522,7 +6522,7 @@
CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
NOT-FOR-US: Burak Yilmaz Blog
CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies]
- - tomcat5 <unfixed> (low)
+ - tomcat5 5.5.23-1 (low)
- tomcat5.5 <unfixed> (low)
NOTE: SSO cookies sent over secure connections do not require
NOTE: secure connections, possibly defeating HTTPS encryption.
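Review bot: the fixed version 5.5.23-1 is recorded on the "tomcat5" entry, while the "tomcat5.5" entry directly below it stays <unfixed>. A 5.5.x version string looks like it belongs to the tomcat5.5 source package, and the log message only says "tomcat", so please confirm which package the fix applies to. If it was meant for tomcat5.5, move the version to that line and leave tomcat5 as <unfixed>. If both packages are fixed, update both entries in the same commit so the tracker does not keep reporting tomcat5.5 as vulnerable.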