Bug#441205: CVE-2007-4724 XSS in cal2.jsp

Nico Golde nion at debian.org
Fri Sep 7 12:42:13 UTC 2007

Package: tomcat5-webapps
Version: 5.0.30-12
Severity: minor
Tags: security

a CVE[0] has been issued against your package.
Cross-site request forgery (CSRF) vulnerability in cal2.jsp 
in the calendar examples application in Apache Tomcat 4.1.31 
allows remote attackers to add events as arbitrary users via 
the time and description parameters.

I verified that this isse is present in etch however it is 
fixed in tomcat5.5-webapps in unstable and testing.
Please include the CVE id in the changelog if you fix this 

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4724

Kind regards

Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20070907/59d23e3e/attachment.pgp 

More information about the pkg-java-maintainers mailing list