[jboss-jira] [JBoss JIRA] Commented: (JBWEB-159) CVE-2009-0783
Mike Millson (JIRA)
jira-events at lists.jboss.org
Mon Jan 18 11:39:47 EST 2010
[ https://jira.jboss.org/jira/browse/JBWEB-159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12506668#action_12506668 ]
Mike Millson commented on JBWEB-159:
------------------------------------
Rev 739522 patch applied here:
http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbossweb?view=revision&revision=1092
> CVE-2009-0783
> -------------
>
> Key: JBWEB-159
> URL: https://jira.jboss.org/jira/browse/JBWEB-159
> Project: JBoss Web
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: JBossWeb-2.1.3.GA
> Reporter: Mike Millson
> Assignee: Mike Millson
> Fix For: JBossWeb-2.1.6.GA
>
>
> Allows a web application to replace the XML parser used by Tomcat to process web.xml, context.xml and tld files. In limited circumstances these bugs may allow a rogue web application to view and/or alter the web.xml, context.xml and tld files of other web applications deployed on the Tomcat instance[1].
> [1]http://tomcat.apache.org/security-6.html
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list