Red Hat Bugzilla – Bug 178178
CVE-2006-0254 tomcat examples XSS
Last modified: 2008-02-23 01:06:50 EST
+++ This bug was initially created as a clone of Bug #178175 +++ A new cross-site scripting flaw has been reported in the tomcat jsp examples as shipped in tomcat5-webapps in Red Hat Application Server. See http://issues.apache.org/jira/browse/GERONIMO-1474 This is fixed in upstream svn. Marking this as moderate severity as users should not be putting examples into production environments. I've held off marking it low as the examples ought to show good practices and our users may copy the bad behaviour. Note also these issues http://issues.apache.org/bugzilla/show_bug.cgi?id=32953 Note: We've not looked which of these issues actually affect the tomcat5-webapps package.
This report targets the FC3 or FC4 products, which have now been EOL'd. Could you please check that it still applies to a current Fedora release, and either update the target product or close it ? Thanks.
Fedora Core 4 is no longer maintained. Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the current Fedora release, please reopen this bug and assign it to the corresponding Fedora version.