Tags: patch

See http://svn.apache.org/viewvc?view=revision&revision=1037779

On 2010-12-29 18:29, Giuseppe Iuculano wrote:
> Package: tomcat6
> Severity: serious
> Tags: security
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for tomcat6.
>
> CVE-2010-4312[0]:
> | The default configuration of Apache Tomcat 6.x does not include the
> | HTTPOnly flag in a Set-Cookie header, which makes it easier for remote
> | attackers to hijack a session via script access to a cookie.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4312
>     http://security-tracker.debian.org/tracker/CVE-2010-4312
>
> __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
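
The condition described in CVE-2010-4312 can be checked from the response side. The following is an added example, not part of the original message and not Tomcat or Debian code: it lists the cookies a response sets without HttpOnly. The function names and the sample responses are assumptions constructed for illustration.

```python
# Added example: list cookies a response sets without the HttpOnly attribute.
from typing import List, Tuple


def parse_set_cookie(value: str) -> Tuple[str, bool]:
    """Return (cookie name, has HttpOnly) for one Set-Cookie header value."""
    parts = value.split(";")
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive. Compare whole attribute names so a
    # cookie *value* that merely contains "httponly" is not taken for the flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, "httponly" in attrs


def script_readable(raw_response: str) -> List[str]:
    """Names of cookies in a raw HTTP response that lack HttpOnly."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    names = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        # Split on the first colon only: Expires values contain colons too.
        field, _, value = line.partition(":")
        if field.strip().lower() == "set-cookie":
            name, http_only = parse_set_cookie(value.strip())
            if not http_only:
                names.append(name)
    return names


# Constructed sample responses (assumed for illustration, not captured traffic).
WITHOUT_FLAG = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF0123456789ABCDEF; Path=/app\r\n"
    "Set-Cookie: note=httponly-is-missing; Path=/app\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)
WITH_FLAG = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF0123456789ABCDEF; Path=/app; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Expires=Wed, 05 Jan 2011 10:00:00 GMT; Path=/app\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)

if __name__ == "__main__":
    for label, resp in (("without flag", WITHOUT_FLAG), ("with flag", WITH_FLAG)):
        print(label, script_readable(resp))
```

In Tomcat 6 the flag on the session cookie is controlled per context by the `useHttpOnly` attribute of the `<Context>` element, which defaults to false in that series.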

