oss-sec mailing list archives
Re: CVE request: Apache Axis2 Session Fixation
From: Josh Bressers <bressers () redhat com>
Date: Tue, 6 Jul 2010 15:24:34 -0400 (EDT)
I'm going to leave this one for MITRE too. The reporter and upstream disagree; I'm not certain what the policy is in such cases.

Thanks.

-- 
JB

----- "Matthias Weckbecker" <mweckbecker () suse de> wrote:
Hi,

there has recently been a Session Fixation vulnerability reported in Apache Axis2, see:

References:
https://issues.apache.org/jira/browse/AXIS2-4739
http://www.securityfocus.com/archive/1/511955/30/30/threaded

There is already CVE-2010-2103 assigned for the Cross-Site Scripting mentioned in the advisory above. However, there does not seem to be a CVE for the Session Fixation flaw, so could you possibly assign one for it too?

Thanks!

ciao,
Matthias

-- 
Matthias Weckbecker, SUSE Security Team
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
Tel: +49-911-74053-0; http://www.opensuse.org/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- CVE request: Apache Axis2 Session Fixation Matthias Weckbecker (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation security curmudgeon (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation Marcus Meissner (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation Josh Bressers (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation security curmudgeon (Jul 06)