Re: CVE-2007-3382: Handling of cookies containing a ' character

To: Tomcat Users List <users@xxxxxxxxxxxxxxxxx>
Subject: Re: CVE-2007-3382: Handling of cookies containing a ' character
From: Christopher Schultz <chris@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Aug 2007 11:52:22 -0400
Cc: Tomcat Developers List <dev@xxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, "CERT(R) Coordination Center" <cert@xxxxxxxx>
In-reply-to: <46C12155.5060405@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <46C12155.5060405@xxxxxxxxxx>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark,

Mark Thomas wrote:
> CVE-2007-3382: Handling of cookies containing a ' character
> 
> Versions Affected:
> 5.5.0 to 5.5.24

Since 5.5.24 isn't yet released, will an upcoming 5.5.24 release include
a fix for this problem given:

> Mitigation:
> Upgrade to 6.0.14

?

Thanks,
- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGwc+29CaO5/Lv0PARAug2AJ98oeF8HRLiXIqqzDEazknml6N/pwCgiNkO
+SIMwuOKQWDG0lkT1okzO7I=
=6jSG
-----END PGP SIGNATURE-----

References:
- CVE-2007-3382: Handling of cookies containing a ' character
  - From: Mark Thomas

Prev by Date: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
Next by Date: WireShark MMS Remote Denial of Service vulnerability
Previous by thread: CVE-2007-3382: Handling of cookies containing a ' character
Next by thread: [ MDKSA-2007:158 ] - Updated xpdf packages fix vulnerability
Index(es):
- Date
- Thread