Bug 42979

Summary: Fixed JSP and Servlet for CVE-2007-1355 are not included in the sample.war
Product: Tomcat 5 Reporter: Vijay <vijay2612>
Component: Webapps:DocumentationAssignee: Tomcat Developers Mailing List <dev>
Severity: normal    
Priority: P2    
Version: 5.5.24   
Target Milestone: ---   
Hardware: All   
OS: All   
URL: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/appdev/sample/sample.war

Description Vijay 2007-07-26 07:24:32 UTC
The JSP and Servlet which are part of the sample application are not updated in
the war file. The sample.war file still contains the old files. So this security
hole still exists in the latest tomcat distribution.
Comment 1 Mark Thomas 2007-07-30 16:49:15 UTC
Thanks for the report. This has been fixed in svn for 5.5.x and 6.0.x and will
be included in the next release of both.