Bug 42979 - Fixed JSP and Servlet for CVE-2007-1355 are not included in the sample.war
Summary: Fixed JSP and Servlet for CVE-2007-1355 are not included in the sample.war
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Webapps:Documentation (show other bugs)
Version: 5.5.24
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL: http://jakarta.apache.org/tomcat/tomc...
Keywords:
Depends on:
Blocks:
 
Reported: 2007-07-26 07:24 UTC by Vijay
Modified: 2007-07-30 16:49 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vijay 2007-07-26 07:24:32 UTC
The JSP and Servlet which are part of the sample application are not updated in
the war file. The sample.war file still contains the old files. So this security
hole still exists in the latest tomcat distribution.
Comment 1 Mark Thomas 2007-07-30 16:49:15 UTC
Thanks for the report. This has been fixed in svn for 5.5.x and 6.0.x and will
be included in the next release of both.