- CVEs with nessus.description==Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2008-0128 Olaf Kock discovered that HTTPS encryption was insufficiently enforced for single-sign-on cookies, which could result in information disclosure.
- CVE-2007-2450 It was discovered that the Manager and Host Manager web applications performed insufficient input sanitising, which could lead to cross site scripting.
This update also adapts the tomcat5.5-webapps package to the tightened JULI permissions introduced in the previous tomcat5.5 DSA. However, it should be noted that the tomcat5.5-webapps is for demonstration and documentation purposes only and should not be used for production systems.
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |