|Summary:||Fixed JSP and Servlet for CVE-2007-1355 are not included in the sample.war|
|Product:||Tomcat 5||Reporter:||Vijay <vijay2612>|
|Component:||Webapps:Documentation||Assignee:||Tomcat Developers Mailing List <dev>|
Description Vijay 2007-07-26 07:24:32 UTC
The JSP and Servlet which are part of the sample application are not updated in the war file. The sample.war file still contains the old files. So this security hole still exists in the latest tomcat distribution.
Comment 1 Mark Thomas 2007-07-30 16:49:15 UTC
Thanks for the report. This has been fixed in svn for 5.5.x and 6.0.x and will be included in the next release of both.