You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/03/31 03:13:34 UTC
svn commit: r524343 - in /tomcat/site/trunk: docs/security-4.html
xdocs/security-4.xml
Author: markt
Date: Fri Mar 30 18:13:34 2007
New Revision: 524343
URL: http://svn.apache.org/viewvc?view=rev&rev=524343
Log:
cve-2002-0493
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/xdocs/security-4.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=524343&r1=524342&r2=524343
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Mar 30 18:13:34 2007
@@ -583,6 +583,41 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 4.0.0">
+<strong>Fixed in Apache Tomcat 4.0.0</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>moderate: Security manager bypass</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0493">
+ CVE-2002-0493</a>
+</p>
+
+ <p>If errors are encountered during the parsing of web.xml and Tomcat is
+ configured to use a security manager it is possible for Tomcat to start
+ without the security manager in place.</p>
+
+ <p>Affects: Pre-release builds of 4.0.0</p>
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Unverified">
<strong>Unverified</strong>
</a>
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=524343&r1=524342&r2=524343
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Fri Mar 30 18:13:34 2007
@@ -203,6 +203,18 @@
<p>Affects: 4.0.0-4.0.1</p>
</section>
+ <section name="Fixed in Apache Tomcat 4.0.0">
+ <p><strong>moderate: Security manager bypass</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0493">
+ CVE-2002-0493</a></p>
+
+ <p>If errors are encountered during the parsing of web.xml and Tomcat is
+ configured to use a security manager it is possible for Tomcat to start
+ without the security manager in place.</p>
+
+ <p>Affects: Pre-release builds of 4.0.0</p>
+ </section>
+
<section name="Unverified">
<p><strong>low: Installation path disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4703">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org