[jboss-jira] [JBoss JIRA] Commented: (JBWEB-163) CVE-2009-2693, CVE-2009-3555
Mike Millson (JIRA)
jira-events at lists.jboss.org
Wed Apr 14 08:54:26 EDT 2010
[ https://jira.jboss.org/jira/browse/JBWEB-163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12525626#action_12525626 ]
Mike Millson commented on JBWEB-163:
------------------------------------
The fix for CVE-2009-2693 is in JBCOMMON-108. The upstream Tomcat fix does not address the issue because JBossWeb uses a different deployer.
> CVE-2009-2693, CVE-2009-3555
> ----------------------------
>
> Key: JBWEB-163
> URL: https://jira.jboss.org/jira/browse/JBWEB-163
> Project: JBoss Web
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Core
> Reporter: Mike Millson
> Assignee: Mike Millson
> Fix For: JBossWeb-3.0.0.Beta3
>
>
> CVE-2009-2693 tomcat: unexpected file deletion and/or alteration
> CVE-2009-3555 TLS: MITM attacks via session renegotiation
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list