Red Hat Bugzilla – Bug 247976
CVE-2007-3385 tomcat handling of cookie values
Last modified: 2010-08-04 17:33:10 EDT
Mark Thomas said:
I had slightly different results to Jean-Frederic.
6.0.x - fixed - http://svn.apache.org/viewvc?view=rev&rev=553410
5.5.x - affected
5.0.x - IAE in some cases
4.1.x - affected
3.3.x - affected
This is all in the examples, so severity is low.
now public, removing embargo
tomcat5-5.5.25-1jpp.1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
tomcat5-5.5.25-1jpp.1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Certificate System 7.3
Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html