[Secure-testing-commits] r6856 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Sun Oct 7 15:07:22 UTC 2007


Author: nion
Date: 2007-10-07 15:07:22 +0000 (Sun, 07 Oct 2007)
New Revision: 6856

Modified:
   data/CVE/list
Log:
tomcat5->tomcat5.5

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-07 14:24:21 UTC (rev 6855)
+++ data/CVE/list	2007-10-07 15:07:22 UTC (rev 6856)
@@ -6522,8 +6522,8 @@
 CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
 	NOT-FOR-US: Burak Yilmaz Blog
 CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies]
-	- tomcat5 5.5.23-1 (low)
-	- tomcat5.5 <unfixed> (low)
+	- tomcat5 <unfixed> (low)
+	- tomcat5.5 5.5.23-1 (low)
 	NOTE: SSO cookies sent over secure connections do not require
 	NOTE: secure connections, possibly defeating HTTPS encryption.
 	NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217




More information about the Secure-testing-commits mailing list