tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jkew <>
Subject Re: CVE-2007-3382: Handling of cookies containing a ' character
Date Tue, 14 Aug 2007 18:52:19 GMT
Rainer Jung wrote:
> Until now I didn't notice a commited fix for the cookie problem, but 
> Mark or Filip might comment whether there are plans to include a fix 
> in 5.5.25.
For CVE 3382, the fix appears to be in 5.5.x HEAD (rev 559280 and rev 
557468) and 6.0.x HEAD (rev 557467) -- These checkins were committed 
around July 19th. These checkins may also apply to CVE-3385 but I'm 
still researching.


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message