Full Disclosure mailing list archives
Re: CVE-2007-3382: Handling of cookies containing a ' character
From: Ismail Dönmez <ismail () pardus org tr>
Date: Tue, 14 Aug 2007 22:14:37 +0300
On Tuesday 14 August 2007 18:52:22 Christopher Schultz wrote:
> Mark,
>
> Mark Thomas wrote:
> > CVE-2007-3382: Handling of cookies containing a ' character
> > Versions Affected: 5.5.0 to 5.5.24
>
> Since 5.5.24 isn't yet released, will an upcoming 5.5.24 release include a fix for this problem given:
>
> > Mitigation: Upgrade to 6.0.14
>
> ?

Are Tomcat developers trying to be funny? Suggested fix for a security bug is a version jump? *sigh*

/ismail

--
Perfect is the enemy of good

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/