Bug#528352: CVE-2008-2025: Cross-site scripting (XSS) vulnerability

2009-05-12 Steffen Joeris
Package: libstruts1.2-java Severity: important Tags: patch, security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libstruts1.2-java. CVE-2008-2025[0]: | Cross-site scripting (XSS) vulnerability in Apache Struts before | 1.2.9-162.31.1 on SUSE Linux Enterprise

Bug#454529: CVE-2007-5615: CRLF injection vulnerability

2007-12-05 Steffen Joeris
Package: jetty Severity: normal Tags: security Hi The following CVE[0] has been issued against jetty: CVE-2007-5615: CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via

Bug#454529: two more CVEs

2007-12-05 Steffen Joeris
Hi There have been two more CVEs[0][1] for jetty: CVE-2007-5613: Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. CVE-2007-5614: Mortbay Jetty

Bug#456148: CVE-2007-6306: Multiple cross-site scripting vulnerabilities

2007-12-13 Steffen Joeris
Package: libjfreechart-java Severity: important Tags: security Hi The following CVE[0] has been issued against libjfreechart-java. CVE-2007-6306: Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web

Bug#484643: CVE-2008-1947: Cross-site scripting (XSS) vulnerability via the name parameter

2008-06-05 Steffen Joeris
Package: tomcat5.5 Severity: important Tags: security Hi The following CVE[0] has been issued against tomcat5.5 CVE-2008-1947: Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML

Bug#494504: CVE-2008-1232/CVE-2008-2370: XSS and directory traversal

2008-08-10 Steffen Joeris
Package: tomcat5.5 Severity: grave Tags: security Justification: user security hole Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for tomcat5.5. CVE-2008-1232[0]: | Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 | through 4.1.37, 5.5.0 through

Bug#496309: CVE-2008-2938: arbitrary file access

2008-08-24 Steffen Joeris
Package: tomcat5.5 Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for tomcat5.5. CVE-2008-2938[0]: | Directory traversal vulnerability in Apache Tomcat 4.1.0 through | 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when |