From: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355 Fixed in Tomcat 6.0.11, 5.5.24, 5.0.HEAD, 4.1.HEAD Description of problem: Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
tomcat5-5.5.25-1jpp.1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
tomcat5-5.5.25-1jpp.1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.