Can you confirm JBAS-2866 addresses these vulnerabilities since neither the description of the patch or JBAS-2866 explicitly reference either CVE-2007-3382 or CVE-2007-3385. (though JBAS-2866 is related to the use of quotes in cookies)
"Tomcat 5.5 servlet 2.4 web container with a fix for the JBAS-2866, as well as backported fixes for CVE-2005-2090, CVE-2006-3835, CVE-2006-7195, CVE-2007-0450, CVE-2007-1858, CVE-2005-3510, plus fixes for CVE-2007-2450 and CVE-2007-3386" View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4088178#4088178 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4088178 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
