Bug#441205: CVE-2007-4724 XSS in cal2.jsp
Nico Golde
nion at debian.org
Fri Sep 7 12:42:13 UTC 2007
Package: tomcat5-webapps
Version: 5.0.30-12
Severity: minor
Tags: security
Hi,
a CVE[0] has been issued against your package.
CVE-2007-4724:
Cross-site request forgery (CSRF) vulnerability in cal2.jsp
in the calendar examples application in Apache Tomcat 4.1.31
allows remote attackers to add events as arbitrary users via
the time and description parameters.
I verified that this issue is present in etch however it is
fixed in tomcat5.5-webapps in unstable and testing.
Please include the CVE id in the changelog if you fix this
issue.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4724
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
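An added example, not code from Tomcat's calendar webapp, contrasting the handler pattern the advisory describes (a state-changing request gated only by the session cookie) with a synchronizer-token check that a forged cross-site request cannot satisfy; the class, method names and in-memory store are assumptions for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Map;

/** Hypothetical stand-in for the cal2.jsp event handler (not Tomcat's code). */
public class CalendarCsrfCheck {
    private static final SecureRandom RNG = new SecureRandom();
    /** Constructed in-memory event store: "user|time|description". */
    public static final List<String> EVENTS = new ArrayList<>();

    /** Issue a fresh, unguessable per-session token; the form embeds it as a hidden field. */
    public static String issueToken(Map<String, Object> session) {
        byte[] buf = new byte[32];
        RNG.nextBytes(buf);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
        session.put("csrfToken", token);
        return token;
    }

    /** Before: only the logged-in session is checked, so a request the browser was tricked
     *  into sending from another site (cookie attached automatically) adds the event. */
    public static boolean addEventUnprotected(Map<String, Object> session, Map<String, String> params) {
        String user = (String) session.get("user");
        if (user == null) return false;
        EVENTS.add(user + "|" + params.get("time") + "|" + params.get("description"));
        return true;
    }

    /** After: the request must also carry the token bound to this session. A cross-site
     *  page cannot read the token, so the forged request is rejected before any write. */
    public static boolean addEventProtected(Map<String, Object> session, Map<String, String> params) {
        String user = (String) session.get("user");
        String expected = (String) session.get("csrfToken");
        String supplied = params.get("csrfToken");
        if (user == null || expected == null || supplied == null) return false;
        // Constant-time comparison avoids leaking the token through timing differences.
        if (!MessageDigest.isEqual(expected.getBytes(), supplied.getBytes())) return false;
        EVENTS.add(user + "|" + params.get("time") + "|" + params.get("description"));
        return true;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new java.util.HashMap<>(Map.of("user", "alice"));
        String token = issueToken(session);
        Map<String, String> forged = Map.of("time", "10:00", "description", "forged");
        Map<String, String> legit = Map.of("time", "10:00", "description", "ok", "csrfToken", token);
        System.out.println("unprotected, forged: " + addEventUnprotected(session, forged)); // true
        System.out.println("protected, forged:   " + addEventProtected(session, forged));   // false
        System.out.println("protected, legit:    " + addEventProtected(session, legit));    // true
    }
}
```

The token must be regenerated on login and sent only in the request body, never in a URL, and the handler should accept POST only so that a simple image or link cannot trigger it.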