oss-sec mailing list archives

Re: CVE request: Apache Axis2 Session Fixation


From: Josh Bressers <bressers () redhat com>
Date: Tue, 6 Jul 2010 15:24:34 -0400 (EDT)

I'm going to leave this one for MITRE too. The reporter and upstream
disagree; I'm not certain what the policy is in such cases.

Thanks.

-- 
    JB


----- "Matthias Weckbecker" <mweckbecker () suse de> wrote:

Hi,

there has recently been a Session Fixation vulnerability reported in
Apache Axis2, see:

References:
https://issues.apache.org/jira/browse/AXIS2-4739
http://www.securityfocus.com/archive/1/511955/30/30/threaded

There is already CVE-2010-2103 assigned for the Cross-Site Scripting
mentioned in the advisory above. However, there does not seem to be a
CVE for the Session Fixation flaw, so could you possibly assign one for
it too?

Thanks!

ciao,
Matthias

-- 
Matthias Weckbecker, SUSE Security Team
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg   
Tel: +49-911-74053-0;  http://www.opensuse.org/   
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

