tomcat-users mailing list archives

From jkew <j...@sourcelabs.com>
Subject Re: CVE-2007-3382: Handling of cookies containing a ' character
Date Tue, 14 Aug 2007 18:52:19 GMT
Rainer Jung wrote:
> Until now I didn't notice a committed fix for the cookie problem, but 
> Mark or Filip might comment whether there are plans to include a fix 
> in 5.5.25.
>
For CVE 3382, the fix appears to be in 5.5.x HEAD (rev 559280 and rev 
557468) and 6.0.x HEAD (rev 557467) -- These checkins were committed 
around July 19th. These checkins may also apply to CVE-3385 but I'm 
still researching.

http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java?view=log
http://svn.apache.org/viewvc/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/http/Cookies.java?view=log


-John
