Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 178178 - CVE-2006-0254 tomcat examples XSS
CVE-2006-0254 tomcat examples XSS
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: tomcat (Show other bugs)
4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Gary Benson
reported=20050117,source=cve,public=2...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-18 05:49 EST by Mark J. Cox
Modified: 2008-02-23 01:06 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-23 01:06:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Mark J. Cox 2006-01-18 05:49:30 EST 
+++ This bug was initially created as a clone of Bug #178175 +++

A new cross-site scripting flaw has been reported in the tomcat jsp examples as
shipped in tomcat5-webapps in Red Hat Application Server.  See

http://issues.apache.org/jira/browse/GERONIMO-1474

This is fixed in upstream svn.

Marking this as moderate severity as users should not be putting examples into
production environments.  I've held off marking it low as the examples ought to
show good practices and our users may copy the bad behaviour.

Note also these issues
http://issues.apache.org/bugzilla/show_bug.cgi?id=32953

Note: We've not looked which of these issues actually affect the tomcat5-webapps
package.
Comment 1 Christian Iseli 2007-01-22 06:19:41 EST 
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.
Comment 2 petrosyan 2008-02-23 01:06:50 EST 
Fedora Core 4 is no longer maintained.

Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.