mailing list archives
[SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability
From: Brett Porter <brett () apache org>
Date: Fri, 11 Feb 2011 01:19:40 +1100
CVE-2011-0533: Apache Continuum cross-site scripting vulnerability
The Apache Software Foundation
Continuum 1.4.0 (Beta)
The unsupported versions Continuum 1.1 - 126.96.36.199 are also affected.
A request that included a specially crafted request parameter could be
Continuum 1.3.6 and earlier users should upgrade to 1.3.7
Continuum 1.4.0 (Beta) users should apply the following patch:
This issue was discovered by Tal Be'ery of Imperva.
brett () apache org
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability Brett Porter (Feb 10)