Bug 42979 - Fixed JSP and Servlet for CVE-2007-1355 are not included in the sample.war
Fixed JSP and Servlet for CVE-2007-1355 are not included in the sample.war
Status: RESOLVED FIXED
Product: Tomcat 5
Classification: Unclassified
Component: Webapps:Documentation
5.5.24
All All
: P2 normal (vote)
: ---
Assigned To: Tomcat Developers Mailing List
http://jakarta.apache.org/tomcat/tomc...
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2007-07-26 07:24 UTC by Vijay
Modified: 2007-07-30 16:49 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vijay 2007-07-26 07:24:32 UTC
The JSP and Servlet which are part of the sample application are not updated in
the war file. The sample.war file still contains the old files. So this security
hole still exists in the latest tomcat distribution.
Comment 1 Mark Thomas 2007-07-30 16:49:15 UTC
Thanks for the report. This has been fixed in svn for 5.5.x and 6.0.x and will
be included in the next release of both.