Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/01/05 15:11:49 UTC
svn commit: r1777473 - in /tomcat/site/trunk: docs/security-6.html
docs/security-7.html docs/security-8.html docs/security-9.html
xdocs/security-6.xml xdocs/security-7.xml xdocs/security-8.xml
xdocs/security-9.xml
Author: markt
Date: Thu Jan 5 15:11:49 2017
New Revision: 1777473
URL: http://svn.apache.org/viewvc?rev=1777473&view=rev
Log:
Update information for CVE-2016-8745
8.0.x, 7.0.x and 6.0.x also affected
Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-6.xml
tomcat/site/trunk/xdocs/security-7.xml
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml
Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1777473&r1=1777472&r2=1777473&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Thu Jan 5 15:11:49 2017
@@ -219,6 +219,9 @@
<a href="#Apache_Tomcat_6.x_vulnerabilities">Apache Tomcat 6.x vulnerabilities</a>
</li>
<li>
+<a href="#Fixed_in_Apache_Tomcat_6.0.49">Fixed in Apache Tomcat 6.0.49</a>
+</li>
+<li>
<a href="#Fixed_in_Apache_Tomcat_6.0.48">Fixed in Apache Tomcat 6.0.48</a>
</li>
<li>
@@ -337,6 +340,36 @@
</div>
+<h3 id="Fixed_in_Apache_Tomcat_6.0.49">
+<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 6.0.49</h3>
+<div class="text">
+
+
+<p>
+<strong>Important: Information Disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745" rel="nofollow">CVE-2016-8745</a>
+</p>
+
+
+<p>A bug in the error handling of the send file code for the NIO HTTP
+ connector resulted in the current Processor object being added to the
+ Processor cache multiple times. This in turn meant that the same
+ Processor could be used for concurrent requests. Sharing a Processor can
+ result in information leakage between requests including, not not limited
+ to, session ID and the response body.</p>
+
+
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1777472">1777472</a>.</p>
+
+
+<p>This issue was identified as affecting 6.0.x by the Apache Tomcat Security
+ Team on 3 January 2016 and made public on 5 January 207.</p>
+
+
+<p>Affects: 6.0.16 to 6.0.48</p>
+
+
+</div>
<h3 id="Fixed_in_Apache_Tomcat_6.0.48">
<span style="float: right;">15 November 2016</span> Fixed in Apache Tomcat 6.0.48</h3>
<div class="text">
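Review bot: the dates paragraph in the new 6.0.49 section has a typo: "made public on 5 January 207" is missing a digit, and since this commit is itself dated 5 January 2017, "identified ... on 3 January 2016" is almost certainly meant to be 2017 as well; suggest "on 3 January 2017 and made public on 5 January 2017". The description paragraph also reads "including, not not limited to, session ID" where "including, but not limited to" is intended. The identical text lands in xdocs/security-6.xml in this commit, so correct it there as well.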
Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1777473&r1=1777472&r2=1777473&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Thu Jan 5 15:11:49 2017
@@ -219,6 +219,9 @@
<a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a>
</li>
<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.74">Fixed in Apache Tomcat 7.0.74</a>
+</li>
+<li>
<a href="#Fixed_in_Apache_Tomcat_7.0.73">Fixed in Apache Tomcat 7.0.73</a>
</li>
<li>
@@ -363,6 +366,36 @@
</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.74">
+<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 7.0.74</h3>
+<div class="text">
+
+
+<p>
+<strong>Important: Information Disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745" rel="nofollow">CVE-2016-8745</a>
+</p>
+
+
+<p>A bug in the error handling of the send file code for the NIO HTTP
+ connector resulted in the current Processor object being added to the
+ Processor cache multiple times. This in turn meant that the same
+ Processor could be used for concurrent requests. Sharing a Processor can
+ result in information leakage between requests including, not not limited
+ to, session ID and the response body.</p>
+
+
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1777471">1777471</a>.</p>
+
+
+<p>This issue was identified as affecting 7.0.x by the Apache Tomcat Security
+ Team on 3 January 2016 and made public on 5 January 207.</p>
+
+
+<p>Affects: 7.0.0 to 7.0.73</p>
+
+
+</div>
<h3 id="Fixed_in_Apache_Tomcat_7.0.73">
<span style="float: right;">14 November 2016</span> Fixed in Apache Tomcat 7.0.73</h3>
<div class="text">
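Review bot: the 7.0.74 section repeats the date typo "made public on 5 January 207" (missing digit; the commit is dated 5 January 2017) and "identified ... on 3 January 2016", which presumably should be 2017, and its description carries "including, not not limited to" where "but not limited to" is meant. The same paragraphs appear in xdocs/security-7.xml in this commit, so fix both copies.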
Modified: tomcat/site/trunk/docs/security-8.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1777473&r1=1777472&r2=1777473&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Thu Jan 5 15:11:49 2017
@@ -219,6 +219,9 @@
<a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x vulnerabilities</a>
</li>
<li>
+<a href="#Fixed_in_Apache_Tomcat_8.0.40">Fixed in Apache Tomcat 8.0.40</a>
+</li>
+<li>
<a href="#Fixed_in_Apache_Tomcat_8.5.9">Fixed in Apache Tomcat 8.5.9</a>
</li>
<li>
@@ -315,6 +318,36 @@
</div>
+<h3 id="Fixed_in_Apache_Tomcat_8.0.40">
+<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 8.0.40</h3>
+<div class="text">
+
+
+<p>
+<strong>Important: Information Disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745" rel="nofollow">CVE-2016-8745</a>
+</p>
+
+
+<p>A bug in the error handling of the send file code for the NIO HTTP
+ connector resulted in the current Processor object being added to the
+ Processor cache multiple times. This in turn meant that the same
+ Processor could be used for concurrent requests. Sharing a Processor can
+ result in information leakage between requests including, not not limited
+ to, session ID and the response body.</p>
+
+
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1777469">1777469</a>.</p>
+
+
+<p>This issue was identified as affecting 8.0.x by the Apache Tomcat Security
+ Team on 3 January 2016 and made public on 5 January 207.</p>
+
+
+<p>Affects: 8.0.0.RC1 to 8.0.39</p>
+
+
+</div>
<h3 id="Fixed_in_Apache_Tomcat_8.5.9">
<span style="float: right;">8 December 2016</span> Fixed in Apache Tomcat 8.5.9</h3>
<div class="text">
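Review bot: the new 8.0.40 section has "made public on 5 January 207" (missing digit) and "identified ... on 3 January 2016", which looks like 2017 given that the 8.5.9 fix below is dated 8 December 2016 and this commit is dated 5 January 2017; it also repeats "including, not not limited to" for "including, but not limited to". The same text is in xdocs/security-8.xml in this commit, so correct it there too.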
@@ -326,14 +359,12 @@
</p>
-<p>The refactoring of the Connector code for 8.5.x onwards introduced a
- regression in the error handling of the send file code for the NIO HTTP
- connector. An error during send file processing resulted in the current
- Processor object being added to the Processor cache multiple times. This
- in turn meant that the same Processor could be used for concurrent
- requests. Sharing a Processor can result in information leakage between
- requests including, not not limited to, session ID and the response body.
- </p>
+<p>A bug in the error handling of the send file code for the NIO HTTP
+ connector resulted in the current Processor object being added to the
+ Processor cache multiple times. This in turn meant that the same
+ Processor could be used for concurrent requests. Sharing a Processor can
+ result in information leakage between requests including, not not limited
+ to, session ID and the response body.</p>
<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1771857">1771857</a>.</p>
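Review bot: the replacement paragraph for 8.5.9 keeps the old "including, not not limited to" wording; since the text is being rewritten anyway, change it to "including, but not limited to". Dropping the "refactoring of the Connector code for 8.5.x onwards introduced a regression" framing in favour of "A bug in the error handling" is consistent with the log message's "8.0.x, 7.0.x and 6.0.x also affected", so the rest of the rewrite reads correctly.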
Modified: tomcat/site/trunk/docs/security-9.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1777473&r1=1777472&r2=1777473&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Thu Jan 5 15:11:49 2017
@@ -302,14 +302,12 @@
</p>
-<p>The refactoring of the Connector code for 8.5.x onwards introduced a
- regression in the error handling of the send file code for the NIO HTTP
- connector. An error during send file processing resulted in the current
- Processor object being added to the Processor cache multiple times. This
- in turn meant that the same Processor could be used for concurrent
- requests. Sharing a Processor can result in information leakage between
- requests including, not not limited to, session ID and the response body.
- </p>
+<p>A bug in the error handling of the send file code for the NIO HTTP
+ connector resulted in the current Processor object being added to the
+ Processor cache multiple times. This in turn meant that the same
+ Processor could be used for concurrent requests. Sharing a Processor can
+ result in information leakage between requests including, not not limited
+ to, session ID and the response body.</p>
<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1771853">1771853</a>.</p>
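Review bot: the rewritten 9.0.0 paragraph still reads "including, not not limited to, session ID"; it should be "including, but not limited to". Otherwise the wording now matches the 8.5.9 entry and the log message's statement that older branches are also affected.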
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1777473&r1=1777472&r2=1777473&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Thu Jan 5 15:11:49 2017
@@ -48,6 +48,27 @@
</section>
+ <section name="Fixed in Apache Tomcat 6.0.49" rtext="not yet released">
+
+ <p><strong>Important: Information Disclosure</strong>
+ <cve>CVE-2016-8745</cve></p>
+
+ <p>A bug in the error handling of the send file code for the NIO HTTP
+ connector resulted in the current Processor object being added to the
+ Processor cache multiple times. This in turn meant that the same
+ Processor could be used for concurrent requests. Sharing a Processor can
+ result in information leakage between requests including, not not limited
+ to, session ID and the response body.</p>
+
+ <p>This was fixed in revision <revlink rev="1777472">1777472</revlink>.</p>
+
+ <p>This issue was identified as affecting 6.0.x by the Apache Tomcat Security
+ Team on 3 January 2016 and made public on 5 January 207.</p>
+
+ <p>Affects: 6.0.16 to 6.0.48</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 6.0.48" rtext="15 November 2016">
<p><strong>Important: Remote Code Execution</strong>
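Review bot: in the new xdocs section, "made public on 5 January 207" is missing a digit and "identified ... on 3 January 2016" is inconsistent with the commit date of 5 January 2017 (presumably 2017), and "including, not not limited to" should be "including, but not limited to". This file is the source of the matching docs/security-6.html change in this commit, so fix it here and regenerate the HTML.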
Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1777473&r1=1777472&r2=1777473&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Thu Jan 5 15:11:49 2017
@@ -50,6 +50,27 @@
</section>
+ <section name="Fixed in Apache Tomcat 7.0.74" rtext="not yet released">
+
+ <p><strong>Important: Information Disclosure</strong>
+ <cve>CVE-2016-8745</cve></p>
+
+ <p>A bug in the error handling of the send file code for the NIO HTTP
+ connector resulted in the current Processor object being added to the
+ Processor cache multiple times. This in turn meant that the same
+ Processor could be used for concurrent requests. Sharing a Processor can
+ result in information leakage between requests including, not not limited
+ to, session ID and the response body.</p>
+
+ <p>This was fixed in revision <revlink rev="1777471">1777471</revlink>.</p>
+
+ <p>This issue was identified as affecting 7.0.x by the Apache Tomcat Security
+ Team on 3 January 2016 and made public on 5 January 207.</p>
+
+ <p>Affects: 7.0.0 to 7.0.73</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 7.0.73" rtext="14 November 2016">
<p><strong>Important: Remote Code Execution</strong>
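Review bot: same typos as the other new sections: "5 January 207" is missing a digit, "3 January 2016" should presumably be 2017 (the commit is dated 5 January 2017), and "not not limited to" should be "but not limited to". Fix here in xdocs/security-7.xml so that the regenerated docs/security-7.html picks it up.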
Modified: tomcat/site/trunk/xdocs/security-8.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1777473&r1=1777472&r2=1777473&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Thu Jan 5 15:11:49 2017
@@ -50,19 +50,38 @@
</section>
+ <section name="Fixed in Apache Tomcat 8.0.40" rtext="not yet released">
+
+ <p><strong>Important: Information Disclosure</strong>
+ <cve>CVE-2016-8745</cve></p>
+
+ <p>A bug in the error handling of the send file code for the NIO HTTP
+ connector resulted in the current Processor object being added to the
+ Processor cache multiple times. This in turn meant that the same
+ Processor could be used for concurrent requests. Sharing a Processor can
+ result in information leakage between requests including, not not limited
+ to, session ID and the response body.</p>
+
+ <p>This was fixed in revision <revlink rev="1777469">1777469</revlink>.</p>
+
+ <p>This issue was identified as affecting 8.0.x by the Apache Tomcat Security
+ Team on 3 January 2016 and made public on 5 January 207.</p>
+
+ <p>Affects: 8.0.0.RC1 to 8.0.39</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 8.5.9" rtext="8 December 2016">
<p><strong>Important: Information Disclosure</strong>
<cve>CVE-2016-8745</cve></p>
- <p>The refactoring of the Connector code for 8.5.x onwards introduced a
- regression in the error handling of the send file code for the NIO HTTP
- connector. An error during send file processing resulted in the current
- Processor object being added to the Processor cache multiple times. This
- in turn meant that the same Processor could be used for concurrent
- requests. Sharing a Processor can result in information leakage between
- requests including, not not limited to, session ID and the response body.
- </p>
+ <p>A bug in the error handling of the send file code for the NIO HTTP
+ connector resulted in the current Processor object being added to the
+ Processor cache multiple times. This in turn meant that the same
+ Processor could be used for concurrent requests. Sharing a Processor can
+ result in information leakage between requests including, not not limited
+ to, session ID and the response body.</p>
<p>This was fixed in revision <revlink rev="1771857">1771857</revlink>.</p>
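Review bot: both the new 8.0.40 section and the rewritten 8.5.9 paragraph in this hunk use "including, not not limited to" where "including, but not limited to" is intended, and the 8.0.40 dates paragraph has "5 January 207" (missing digit) and "3 January 2016" (presumably 2017, given the commit date of 5 January 2017). Correct them here so the regenerated docs/security-8.html matches; the `<cve>` and `<revlink>` markup in the new section is consistent with the neighbouring 8.5.9 entry.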
Modified: tomcat/site/trunk/xdocs/security-9.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1777473&r1=1777472&r2=1777473&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-9.xml (original)
+++ tomcat/site/trunk/xdocs/security-9.xml Thu Jan 5 15:11:49 2017
@@ -61,14 +61,12 @@
<p><strong>Important: Information Disclosure</strong>
<cve>CVE-2016-8745</cve></p>
- <p>The refactoring of the Connector code for 8.5.x onwards introduced a
- regression in the error handling of the send file code for the NIO HTTP
- connector. An error during send file processing resulted in the current
- Processor object being added to the Processor cache multiple times. This
- in turn meant that the same Processor could be used for concurrent
- requests. Sharing a Processor can result in information leakage between
- requests including, not not limited to, session ID and the response body.
- </p>
+ <p>A bug in the error handling of the send file code for the NIO HTTP
+ connector resulted in the current Processor object being added to the
+ Processor cache multiple times. This in turn meant that the same
+ Processor could be used for concurrent requests. Sharing a Processor can
+ result in information leakage between requests including, not not limited
+ to, session ID and the response body.</p>
<p>This was fixed in revision <revlink rev="1771853">1771853</revlink>.</p>
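Review bot: the rewritten paragraph in xdocs/security-9.xml retains "including, not not limited to"; change to "including, but not limited to" so the regenerated docs/security-9.html carries the corrected wording.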
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1777473 - in /tomcat/site/trunk:
docs/security-6.html docs/security-7.html docs/security-8.html
docs/security-9.html xdocs/security-6.xml xdocs/security-7.xml
xdocs/security-8.xml xdocs/security-9.xml
Posted by Mark Thomas <ma...@apache.org>.
On 05/01/2017 15:47, Emmanuel Bourg wrote:
> On 5/01/2017 at 16:11, markt@apache.org wrote:
>
>> +<p>This issue was identified as affecting 6.0.x by the Apache Tomcat Security
>> + Team on 3 January 2016 and made public on 5 January 207.</p>
>
> Hi Mark,
>
> There is a typo on the disclosure date.
Whoops. Fixed. Thanks.
Mark
Re: svn commit: r1777473 - in /tomcat/site/trunk:
docs/security-6.html docs/security-7.html docs/security-8.html
docs/security-9.html xdocs/security-6.xml xdocs/security-7.xml
xdocs/security-8.xml xdocs/security-9.xml
Posted by Emmanuel Bourg <eb...@apache.org>.
On 5/01/2017 at 16:11, markt@apache.org wrote:
> +<p>This issue was identified as affecting 6.0.x by the Apache Tomcat Security
> + Team on 3 January 2016 and made public on 5 January 207.</p>
Hi Mark,
There is a typo on the disclosure date.
Emmanuel Bourg