From 1e5eee186d0371a10525d48078bc497e994fd13e Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 21 Nov 2019 21:16:44 +0100 Subject: CVE-2009-5047 was found to be a duplicate of CVE-2009-4611 Move all information we have to the retained CVE entry and drop notes from CVE-2009-5047. It was found that CVE-2009-5047 was back then a resevation duplicate of the CVE-2009-4611 CVE identifier. --- data/CVE/2009.list | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'data/CVE/2009.list') diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 80be21c706..aec1b3f1e7 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -1239,7 +1239,9 @@ CVE-2009-4613 (SQL injection vulnerability in realestate20/loginaction.php in Ne CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP ...) - jetty 6.1.22-1 (bug #575789) CVE-2009-4611 (Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data with ...) - - jetty 6.1.22-1 + - jetty 6.1.22-1 (unimportant; bug #553644) + NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt + NOTE: The affected apps are not shipped in the package, see #553644 CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty ...) - jetty (low; bug #575790) NOTE: the exploitable servlet is not shipped in Debian packages @@ -3387,9 +3389,6 @@ CVE-2009-5046 (JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. ... NOTE: The affected apps are not shipped in the package, see #553644 CVE-2009-5047 REJECTED - - jetty 6.1.22-1 (unimportant; bug #553644) - NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt - NOTE: The affected apps are not shipped in the package, see #553644 CVE-2009-5048 (Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20. ...) - jetty 6.1.22-1 (unimportant; bug #553644) NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt -- cgit v1.2.3