[Secure-testing-commits] r24308 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2013-11-06 07:07:12 +0000 (Wed, 06 Nov 2013)
New Revision: 24308

Modified:
   data/CVE/list
Log:
Add CVE-2013-6348/libstruts1.2-java; not-affected; part/all of external check

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-11-06 07:03:30 UTC (rev 24307)
+++ data/CVE/list	2013-11-06 07:07:12 UTC (rev 24308)
@@ -529,7 +529,8 @@
 CVE-2013-6349 (McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 ...)
 	TODO: check
 CVE-2013-6348 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
-	TODO: check
+	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.3)
+	NOTE: https://issues.apache.org/jira/browse/WW-4213
 CVE-2013-6347 (Session fixation vulnerability in Novell ZENworks Configuration ...)
 	TODO: check
 CVE-2013-6346 (Cross-site request forgery (CSRF) vulnerability in the ZCC page in ...)