You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/03/31 04:01:45 UTC
svn commit: r524352 - in /tomcat/site/trunk: docs/security-3.html xdocs/security-3.xml

Author: markt
Date: Fri Mar 30 19:01:44 2007
New Revision: 524352

URL: http://svn.apache.org/viewvc?view=rev&rev=524352
Log:
cve-2001-0829

Modified:
    tomcat/site/trunk/docs/security-3.html
    tomcat/site/trunk/xdocs/security-3.xml

Modified: tomcat/site/trunk/docs/security-3.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=524352&r1=524351&r2=524352
==============================================================================
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Fri Mar 30 19:01:44 2007
@@ -434,7 +434,41 @@
     <p>No specifics are provided in the vulnerability report. This may be a
        summary of other issues reported against 3.2.x</p>
 
-    <p>Affects: 3.2.0?, 3.2.1, 3.2.2-3.2.3?</p>
+    <p>Affects: 3.2?, 3.2.1, 3.2.2-3.2.3?</p>
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 3.2.2">
+<strong>Fixed in Apache Tomcat 3.2.2</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>moderate: Cross site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0829">
+       CVE-2001-0829</a>
+</p>
+
+    <p>The default 404 error page does not escape URLs. This allows XSS
+       attacks using specially crafted URLs.</p>
+
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p>
   </blockquote>
 </p>
 </td>

Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=524352&r1=524351&r2=524352
==============================================================================
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Fri Mar 30 19:01:44 2007
@@ -116,7 +116,18 @@
     <p>No specifics are provided in the vulnerability report. This may be a
        summary of other issues reported against 3.2.x</p>
 
-    <p>Affects: 3.2.0?, 3.2.1, 3.2.2-3.2.3?</p>
+    <p>Affects: 3.2?, 3.2.1, 3.2.2-3.2.3?</p>
+  </section>
+
+  <section name="Fixed in Apache Tomcat 3.2.2">
+    <p><strong>moderate: Cross site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0829">
+       CVE-2001-0829</a></p>
+
+    <p>The default 404 error page does not escape URLs. This allows XSS
+       attacks using specially crafted URLs.</p>
+
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p>
   </section>
 
 </body>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org