From: Christopher Schultz
Date: Tue, 14 Aug 2007 11:52:22 -0400
To: Tomcat Users List
CC: Tomcat Developers List, full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, "CERT(R) Coordination Center"
Subject: Re: CVE-2007-3382: Handling of cookies containing a ' character

Mark,

Mark Thomas wrote:
> CVE-2007-3382: Handling of cookies containing a ' character
>
> Versions Affected:
> 5.5.0 to 5.5.24

Since 5.5.24 isn't yet released, will an upcoming 5.5.24 release include
a fix for this problem given:

> Mitigation:
> Upgrade to 6.0.14

?

Thanks,
-chris