Bug#632399: tomcat6-admin doesn't use CSRF protections
Alex Dehnert
alex-net.url.org.debian.bugs at dehnerts.com
Fri Jul 1 16:52:20 UTC 2011
Package: tomcat6-admin
Version: 6.0.28-9+squeeze1
Severity: normal
Tags: security
According to the upstream changelog
(http://tomcat.apache.org/tomcat-6.0-doc/changelog.html), Tomcat 6.0.30 fixed a
CSRF vulnerability in the manager application. The Debian package does not have
these protections.
-- System Information:
Debian Release: 6.0.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages tomcat6-admin depends on:
ii tomcat6-common 6.0.28-9+squeeze1 Servlet and JSP engine -- common f
tomcat6-admin recommends no packages.
tomcat6-admin suggests no packages.
-- no debconf information
More information about the pkg-java-maintainers
mailing list