Old Tomcat 4.1 Cross-Site Scripting Vulnerability
Paul Dwerryhouse
paul@dwerryhouse.com.au
Thu Nov 18 08:01:03 2004
Hi,
I'm doing some follow-up work for the Debian secure-testing project,
and I'm wondering if someone here might know about the following
cross-site scripting vulnerability which was claimed to be in Tomcat 4.1.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1567
http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html
I can't see any references to it in the changelog, and frankly, I don't
know enough about Tomcat to be able to work out for myself if the Debian
package is vulnerable or not.
Can anyone tell me if this was ever addressed in the tomcat4 package,
or if it turned out to be a non-issue?
Thanks,
Paul
--
Paul Dwerryhouse | PGP Key ID:
Amsterdam, The Netherlands (X) <-> Melbourne, Australia ( ) | 0x6B91B584