oss-sec mailing list archives
CVE request: Apache Axis2 Session Fixation
From: Matthias Weckbecker <mweckbecker () suse de>
Date: Tue, 6 Jul 2010 11:33:09 +0200
Hi, there has recently been a Session Fixation vulnerability reported in Apache Axis2, see: References: https://issues.apache.org/jira/browse/AXIS2-4739 http://www.securityfocus.com/archive/1/511955/30/30/threaded There is already CVE-2010-2103 assigned for the Cross-Site Scripting mentioned in the advisory above. However, there does not seem to be a CVE for the Session Fixation flaw, so could you possibly assign one for it too? Thanks! ciao, Matthias -- Matthias Weckbecker, SUSE Security Team SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg Tel: +49-911-74053-0; http://www.opensuse.org/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- CVE request: Apache Axis2 Session Fixation Matthias Weckbecker (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation security curmudgeon (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation Marcus Meissner (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation Josh Bressers (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation security curmudgeon (Jul 06)