Bug#441205: CVE-2007-4724 XSS in cal2.jsp
nion at debian.org
Fri Sep 7 12:42:13 UTC 2007
a CVE has been issued against your package.
Cross-site request forgery (CSRF) vulnerability in cal2.jsp
in the calendar examples application in Apache Tomcat 4.1.31
allows remote attackers to add events as arbitrary users via
the time and description parameters.
I verified that this isse is present in etch however it is
fixed in tomcat5.5-webapps in unstable and testing.
Please include the CVE id in the changelog if you fix this
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20070907/59d23e3e/attachment.pgp
More information about the pkg-java-maintainers