Package: tomcat5.5 Severity: important Tags: security Hi
The following CVE[0] has been issued against tomcat5.5 CVE-2008-1947: Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. Some more information may be obtained from this report[1]. Please mention the CVE id in your changelog, when you fix this issue. Cheers Steffen [0]: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1947 [1]: http://marc.info/?l=tomcat-user&m=121244319501278&w=2 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
