Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/09/23 01:56:15 UTC
svn commit: r1174455 - in /tomcat/site/trunk: docs/security-jk.html
xdocs/security-jk.xml xdocs/security-native.xml
Author: kkolinko
Date: Thu Sep 22 23:56:14 2011
New Revision: 1174455
URL: http://svn.apache.org/viewvc?rev=1174455&view=rev
Log:
Simplify the markup
Modified:
tomcat/site/trunk/docs/security-jk.html
tomcat/site/trunk/xdocs/security-jk.xml
tomcat/site/trunk/xdocs/security-native.xml
Modified: tomcat/site/trunk/docs/security-jk.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-jk.html?rev=1174455&r1=1174454&r2=1174455&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-jk.html (original)
+++ tomcat/site/trunk/docs/security-jk.html Thu Sep 22 23:56:14 2011
@@ -307,9 +307,7 @@
one user to view the response associated with a different user's request.
</p>
- <p>This was fixed in
- <a href="http://svn.apache.org/viewvc?rev=702540&view=rev">
- revision 702540</a>.</p>
+ <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&rev=702540">revision 702540</a>.</p>
<p>Affects: JK 1.2.0-1.2.26<br/>
Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,
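Review bot: the regenerated link on the `+` line changes the query string from `?rev=702540&view=rev` to `?view=rev&rev=702540`, so this commit changes generated output and not only the source markup. Both forms name the same revision, but the log message "Simplify the markup" would be easier to audit if it said that the generated revision URLs change as a result of the new `<revlink>` element in the xdocs.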
Modified: tomcat/site/trunk/xdocs/security-jk.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-jk.xml?rev=1174455&r1=1174454&r2=1174455&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-jk.xml (original)
+++ tomcat/site/trunk/xdocs/security-jk.xml Thu Sep 22 23:56:14 2011
@@ -30,17 +30,14 @@
<section name="Fixed in Apache Tomcat JK Connector 1.2.27">
<p><strong>important: Information disclosure</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519"
- rel="nofollow">CVE-2008-5519</a></p>
+ <cve>CVE-2008-5519</cve></p>
<p>Situations where faulty clients set Content-Length without providing
data, or where a user submits repeated requests very quickly, may permit
one user to view the response associated with a different user's request.
</p>
- <p>This was fixed in
- <a href="http://svn.apache.org/viewvc?rev=702540&view=rev">
- revision 702540</a>.</p>
+ <p>This was fixed in <revlink rev="702540">revision 702540</revlink>.</p>
<p>Affects: JK 1.2.0-1.2.26<br/>
Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,
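Review bot: `<revlink rev="702540">revision 702540</revlink>` states the revision number twice, once in the `rev` attribute and once in the link text, and nothing keeps the two in step. On a security page a mismatch would send readers to the wrong fix commit; consider letting the stylesheet generate the text from `rev`, or documenting that both must be updated together.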
@@ -50,12 +47,10 @@
<section name="Fixed in Apache Tomcat JK Connector 1.2.23">
<p><strong>important: Information disclosure</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860"
- rel="nofollow">CVE-2007-1860</a></p>
+ <cve>CVE-2007-1860</cve></p>
<p>The issue is related to
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450"
- rel="nofollow">CVE-2007-0450</a>, the patch for which was insufficient.</p>
+ <cve>CVE-2007-0450</cve>, the patch for which was insufficient.</p>
<p>When multiple components (firewalls, caches, proxies and Tomcat)
process a request, the request URL should not get decoded multiple times
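Review bot: both `<cve>` replacements in this hunk drop the explicit `rel="nofollow"` and the cve.mitre.org URL from the source, so the link target and its attributes now depend entirely on how the stylesheet expands `<cve>`, which is not part of this diff. Please confirm the template still emits `rel="nofollow"` and builds the URL from the element text. The regenerated docs/security-jk.html in this commit shows no change to its CVE links, which suggests it does, but a comment documenting the element would help future editors of these pages.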
@@ -89,8 +84,7 @@
<section name="Fixed in Apache Tomcat JK Connector 1.2.21">
<p><strong>critical: Arbitrary code execution and denial of service</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774"
- rel="nofollow">CVE-2007-0774</a></p>
+ <cve>CVE-2007-0774</cve></p>
<p>An unsafe memory copy in the URI handler for the native JK connector
could result in a stack overflow condition which could be leveraged to
@@ -103,8 +97,7 @@
<section name="Fixed in Apache Tomcat JK Connector 1.2.16">
<p><strong>important: Information disclosure</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7197"
- rel="nofollow">CVE-2006-7197</a></p>
+ <cve>CVE-2006-7197</cve></p>
<p>The Tomcat AJP connector contained a bug that sometimes set a too long
length for the chunks delivered by send_body_chunks AJP messages. Bugs of
Modified: tomcat/site/trunk/xdocs/security-native.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-native.xml?rev=1174455&r1=1174454&r2=1174455&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-native.xml (original)
+++ tomcat/site/trunk/xdocs/security-native.xml Thu Sep 22 23:56:14 2011
@@ -30,8 +30,7 @@
<section name="Not a vulnerability in the Apache Tomcat APR/native Connector">
<p><strong>TLS SSL Man In The Middle</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"
- rel="nofollow">CVE-2009-3555</a></p>
+ <cve>CVE-2009-3555</cve></p>
<p>A vulnerability exists in the TLS protocol that allows an attacker to
inject arbitrary requests into an TLS stream during renegotiation.</p>
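Review bot: xdocs/security-native.xml is changed here but no regenerated docs/security-native.html appears in the Modified list, unlike security-jk, where both the source and docs/security-jk.html are committed. If the `<cve>` expansion yields identical HTML that is fine, but it is worth saying so in the log; otherwise the generated page should be committed together with its source.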