Date: Tue, 6 Jul 2010 11:33:09 +0200 From: Matthias Weckbecker <mweckbecker@...e.de> To: oss-security@...ts.openwall.com Subject: CVE request: Apache Axis2 Session Fixation Hi, there has recently been a Session Fixation vulnerability reported in Apache Axis2, see: References: https://issues.apache.org/jira/browse/AXIS2-4739 http://www.securityfocus.com/archive/1/511955/30/30/threaded There is already CVE-2010-2103 assigned for the Cross-Site Scripting mentioned in the advisory above. However, there does not seem to be a CVE for the Session Fixation flaw, so could you possibly assign one for it too? Thanks! ciao, Matthias -- Matthias Weckbecker, SUSE Security Team SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg Tel: +49-911-74053-0; http://www.opensuse.org/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.