Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 428268

Summary: CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_4.2]
Product: Red Hat Satellite 5 Reporter: Marc Schoenefeld <mschoene>
Component: OtherAssignee: Miroslav Suchý <msuchy>
Status: CLOSED WONTFIX QA Contact: Preethi Thomas <pthomas>
Severity: low Docs Contact:
Priority: low    
Version: 420Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-06-03 14:11:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 135141, 427766, 439866    

Description Marc Schoenefeld 2008-01-10 12:48:42 UTC 
rhn_satellite_4.2 tracking bug: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.

For the security issues handling process overview see: http://intranet.corp.redhat.com/ic/intranet/SecurityZStreamFAQ

[bug automatically created by: add-tracking-bugs]
Comment 1 Miroslav Suchý 2008-04-16 12:00:19 UTC 
Promoted tomcat5-5.0.30-0jpp_10rh.noarch.rpm from support-satellite-5.0-4AS-java
collection, where we fixed it.
Comment 2 Miroslav Suchý 2008-04-29 12:18:52 UTC 
QA push for 4.2.3 complete: satellite-4.2.3-1 and proxy-4.2.3-1 are
now on webqa. Note that there is _no_ ISO planned for the 4.2.3
release.

Developers, please move your bugs ON_QA.
Comment 3 Preethi Thomas 2008-05-07 18:01:49 UTC 
verified in sat 4.2.3 rhel3 & rhel4
Comment 4 Mark J. Cox 2008-06-02 09:25:34 UTC 
Even if fix is included we won't claim to fix this CVE because of 

https://bugzilla.redhat.com/show_bug.cgi?id=428269#c7
Comment 5 Miroslav Suchý 2008-06-03 14:11:48 UTC 
WontFIX based on #4