You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/09/23 01:56:15 UTC

svn commit: r1174455 - in /tomcat/site/trunk: docs/security-jk.html xdocs/security-jk.xml xdocs/security-native.xml

Author: kkolinko
Date: Thu Sep 22 23:56:14 2011
New Revision: 1174455

URL: http://svn.apache.org/viewvc?rev=1174455&view=rev
Log:
Simplify the markup

Modified:
    tomcat/site/trunk/docs/security-jk.html
    tomcat/site/trunk/xdocs/security-jk.xml
    tomcat/site/trunk/xdocs/security-native.xml

Modified: tomcat/site/trunk/docs/security-jk.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-jk.html?rev=1174455&r1=1174454&r2=1174455&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-jk.html (original)
+++ tomcat/site/trunk/docs/security-jk.html Thu Sep 22 23:56:14 2011
@@ -307,9 +307,7 @@
        one user to view the response associated with a different user's request.
        </p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=702540&amp;view=rev">
-       revision 702540</a>.</p>
+    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=702540">revision 702540</a>.</p>
 
     <p>Affects: JK 1.2.0-1.2.26<br/>
        Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,

Modified: tomcat/site/trunk/xdocs/security-jk.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-jk.xml?rev=1174455&r1=1174454&r2=1174455&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-jk.xml (original)
+++ tomcat/site/trunk/xdocs/security-jk.xml Thu Sep 22 23:56:14 2011
@@ -30,17 +30,14 @@
 
   <section name="Fixed in Apache Tomcat JK Connector 1.2.27">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519"
-       rel="nofollow">CVE-2008-5519</a></p>
+       <cve>CVE-2008-5519</cve></p>
 
     <p>Situations where faulty clients set Content-Length without providing
        data, or where a user submits repeated requests very quickly, may permit
        one user to view the response associated with a different user's request.
        </p>
 
-    <p>This was fixed in
-       <a href="http://svn.apache.org/viewvc?rev=702540&amp;view=rev">
-       revision 702540</a>.</p>
+    <p>This was fixed in <revlink rev="702540">revision 702540</revlink>.</p>
 
     <p>Affects: JK 1.2.0-1.2.26<br/>
        Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,
@@ -50,12 +47,10 @@
 
   <section name="Fixed in Apache Tomcat JK Connector 1.2.23">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860"
-       rel="nofollow">CVE-2007-1860</a></p>
+       <cve>CVE-2007-1860</cve></p>
 
     <p>The issue is related to
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450"
-       rel="nofollow">CVE-2007-0450</a>, the patch for which was insufficient.</p>
+       <cve>CVE-2007-0450</cve>, the patch for which was insufficient.</p>
 
     <p>When multiple components (firewalls, caches, proxies and Tomcat)
        process a request, the request URL should not get decoded multiple times
@@ -89,8 +84,7 @@
 
   <section name="Fixed in Apache Tomcat JK Connector 1.2.21">
     <p><strong>critical: Arbitrary code execution and denial of service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774"
-       rel="nofollow">CVE-2007-0774</a></p>
+       <cve>CVE-2007-0774</cve></p>
 
     <p>An unsafe memory copy in the URI handler for the native JK connector
        could result in a stack overflow condition which could be leveraged to
@@ -103,8 +97,7 @@
 
   <section name="Fixed in Apache Tomcat JK Connector 1.2.16">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7197"
-       rel="nofollow">CVE-2006-7197</a></p>
+       <cve>CVE-2006-7197</cve></p>
 
     <p>The Tomcat AJP connector contained a bug that sometimes set a too long
        length for the chunks delivered by send_body_chunks AJP messages. Bugs of

Modified: tomcat/site/trunk/xdocs/security-native.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-native.xml?rev=1174455&r1=1174454&r2=1174455&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-native.xml (original)
+++ tomcat/site/trunk/xdocs/security-native.xml Thu Sep 22 23:56:14 2011
@@ -30,8 +30,7 @@
 
   <section name="Not a vulnerability in the Apache Tomcat APR/native Connector">
     <p><strong>TLS SSL Man In The Middle</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"
-       rel="nofollow">CVE-2009-3555</a></p>
+       <cve>CVE-2009-3555</cve></p>
 
     <p>A vulnerability exists in the TLS protocol that allows an attacker to
        inject arbitrary requests into an TLS stream during renegotiation.</p>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org