full-disclosure - Re: CVE-2007-3382: Handling of cookies containing a ' character

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite for Android: free password hash cracker in your pocket

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Tue, 14 Aug 2007 11:52:22 -0400
From: Christopher Schultz <chris@...istopherschultz.net>
To: Tomcat Users List <users@...cat.apache.org>
Cc: Tomcat Developers List <dev@...cat.apache.org>,
	full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	"CERT\(R\) Coordination Center" <cert@...t.org>
Subject: Re: CVE-2007-3382: Handling of cookies containing
	a ' character

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark,

Mark Thomas wrote:
> CVE-2007-3382: Handling of cookies containing a ' character
> 
> Versions Affected:
> 5.5.0 to 5.5.24

Since 5.5.24 isn't yet released, will an upcoming 5.5.24 release include
a fix for this problem given:

> Mitigation:
> Upgrade to 6.0.14

?

Thanks,
- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGwc+29CaO5/Lv0PARAug2AJ98oeF8HRLiXIqqzDEazknml6N/pwCgiNkO
+SIMwuOKQWDG0lkT1okzO7I=
=6jSG
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/