Summary: | CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication | ||
---|---|---|---|
Product: | Sisyphus | Reporter: | Vladimir Lettiev <crux> |
Component: | tomcat6 | Assignee: | Nobody's working on this, feel free to take it <nobody> |
Status: | CLOSED FIXED | QA Contact: | qa-sisyphus |
Severity: | blocker | ||
Priority: | P3 | Keywords: | security |
Version: | unstable | ||
Hardware: | all | ||
OS: | Linux | ||
URL: | http://seclists.org/bugtraq/2009/Jun/0046.html |
Description
Vladimir Lettiev
2009-06-04 14:12:43 MSD
tomcat6-0:6.0.18-alt6_8jpp5 -> sisyphus: * Thu Jan 14 2010 Slava Semushin <php-coder@altlinux> 0:6.0.18-alt6_8jpp5 - NMU - Applied upstream patches to fix following vulnerabilities: + CVE-2009-0033: DoS when using Java AJP connector (Closes: #20313) + CVE-2009-0580: User enumeration vulnerability with FORM authentication (Closes: #20315) + CVE-2009-0781: XSS in calendar example |