[jboss-jira] [JBoss JIRA] Commented: (JBWEB-159) CVE-2009-0783

Monday, 18 January 2010

    [
https://jira.jboss.org/jira/browse/JBWEB-159?page=com.atlassian.jira.plug...
] 

Mike Millson commented on JBWEB-159:
------------------------------------

Rev 652592 patch applied here: 
http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbossweb?view=revision&rev...

...
 CVE-2009-0783
 -------------

                 Key: JBWEB-159
                 URL: https://jira.jboss.org/jira/browse/JBWEB-159
             Project: JBoss Web
          Issue Type: Bug
      Security Level: Public(Everyone can see) 
    Affects Versions: JBossWeb-2.1.3.GA
            Reporter: Mike Millson
            Assignee: Mike Millson
             Fix For: JBossWeb-2.1.6.GA

 Allows a web application to replace the XML parser used by Tomcat to process web.xml,
context.xml and tld files. In limited circumstances these bugs may allow a rogue web
application to view and/or alter the web.xml, context.xml and tld files of other web
applications deployed on the Tomcat instance[1].
 [1]http://tomcat.apache.org/security-6.html 
-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-jira] [JBoss JIRA] Commented: (JBWEB-159) CVE-2009-0783