You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/03/17 02:43:10 UTC
svn commit: r519205 - in /tomcat/site/trunk: docs/security-4.html
docs/security-5.html docs/security-6.html xdocs/security-4.xml
xdocs/security-5.xml xdocs/security-6.xml
Author: markt
Date: Fri Mar 16 18:43:09 2007
New Revision: 519205
URL: http://svn.apache.org/viewvc?view=rev&rev=519205
Log:
Add CVE-2005-2090 to security pages.
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=519205&r1=519204&r2=519205
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Mar 16 18:43:09 2007
@@ -211,8 +211,8 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 4.1.35">
-<strong>Fixed in Apache Tomcat 4.1.35</strong>
+<a name="Fixed in Apache Tomcat 4.1.HEAD">
+<strong>Fixed in Apache Tomcat 4.1.HEAD</strong>
</a>
</font>
</td>
@@ -221,6 +221,25 @@
<td>
<p>
<blockquote>
+ <p>
+<strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090">
+ CVE-2005-2090</a>
+</p>
+
+ <p>Requests with multiple content-length headers should be rejected as
+ invalid. When multiple components (firewalls, caches, proxies and Tomcat)
+ process a sequence of requests where one or more requests contain
+ multiple content-length headers and several components accept do not
+ reject the request and make different decisions as to which
+ content-length leader to use an attacker can poision a web-cache, perform
+ an XSS attack and obtain senstive information from requests other then
+ their own. Tomcat now returns 400 for requests with multiple
+ content-length headers.
+ </p>
+
+ <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.34</p>
+
<p>
<strong>important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=519205&r1=519204&r2=519205
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Fri Mar 16 18:43:09 2007
@@ -211,6 +211,48 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 5.5.23">
+<strong>Fixed in Apache Tomcat 5.5.23</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090">
+ CVE-2005-2090</a>
+</p>
+
+ <p>Requests with multiple content-length headers should be rejected as
+ invalid. When multiple components (firewalls, caches, proxies and Tomcat)
+ process a sequence of requests where one or more requests contain
+ multiple content-length headers and several components accept do not
+ reject the request and make different decisions as to which
+ content-length leader to use an attacker can poision a web-cache, perform
+ an XSS attack and obtain senstive information from requests other then
+ their own. Tomcat now returns 400 for requests with multiple
+ content-length headers.
+ </p>
+
+ <p>Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.22</p>
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.22, 5.0.HEAD">
<strong>Fixed in Apache Tomcat 5.5.22, 5.0.HEAD</strong>
</a>
Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?view=diff&rev=519205&r1=519204&r2=519205
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Mar 16 18:43:09 2007
@@ -211,6 +211,48 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 6.0.HEAD">
+<strong>Fixed in Apache Tomcat 6.0.HEAD</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090">
+ CVE-2005-2090</a>
+</p>
+
+ <p>Requests with multiple content-length headers should be rejected as
+ invalid. When multiple components (firewalls, caches, proxies and Tomcat)
+ process a sequence of requests where one or more requests contain
+ multiple content-length headers and several components accept do not
+ reject the request and make different decisions as to which
+ content-length leader to use an attacker can poision a web-cache, perform
+ an XSS attack and obtain senstive information from requests other then
+ their own. Tomcat now returns 400 for requests with multiple
+ content-length headers.
+ </p>
+
+ <p>Affects: 6.0.0-6.0.10</p>
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.10">
<strong>Fixed in Apache Tomcat 6.0.10</strong>
</a>
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=519205&r1=519204&r2=519205
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Fri Mar 16 18:43:09 2007
@@ -24,7 +24,24 @@
</section>
- <section name="Fixed in Apache Tomcat 4.1.35">
+ <section name="Fixed in Apache Tomcat 4.1.HEAD">
+ <p><strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090">
+ CVE-2005-2090</a></p>
+
+ <p>Requests with multiple content-length headers should be rejected as
+ invalid. When multiple components (firewalls, caches, proxies and Tomcat)
+ process a sequence of requests where one or more requests contain
+ multiple content-length headers and several components accept do not
+ reject the request and make different decisions as to which
+ content-length leader to use an attacker can poision a web-cache, perform
+ an XSS attack and obtain senstive information from requests other then
+ their own. Tomcat now returns 400 for requests with multiple
+ content-length headers.
+ </p>
+
+ <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.34</p>
+
<p><strong>important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
CVE-2007-0450</a></p>
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?view=diff&rev=519205&r1=519204&r2=519205
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Fri Mar 16 18:43:09 2007
@@ -24,6 +24,25 @@
</section>
+ <section name="Fixed in Apache Tomcat 5.5.23">
+ <p><strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090">
+ CVE-2005-2090</a></p>
+
+ <p>Requests with multiple content-length headers should be rejected as
+ invalid. When multiple components (firewalls, caches, proxies and Tomcat)
+ process a sequence of requests where one or more requests contain
+ multiple content-length headers and several components accept do not
+ reject the request and make different decisions as to which
+ content-length leader to use an attacker can poision a web-cache, perform
+ an XSS attack and obtain senstive information from requests other then
+ their own. Tomcat now returns 400 for requests with multiple
+ content-length headers.
+ </p>
+
+ <p>Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.22</p>
+ </section>
+
<section name="Fixed in Apache Tomcat 5.5.22, 5.0.HEAD">
<p><strong>important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?view=diff&rev=519205&r1=519204&r2=519205
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Fri Mar 16 18:43:09 2007
@@ -24,6 +24,25 @@
</section>
+ <section name="Fixed in Apache Tomcat 6.0.HEAD">
+ <p><strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090">
+ CVE-2005-2090</a></p>
+
+ <p>Requests with multiple content-length headers should be rejected as
+ invalid. When multiple components (firewalls, caches, proxies and Tomcat)
+ process a sequence of requests where one or more requests contain
+ multiple content-length headers and several components accept do not
+ reject the request and make different decisions as to which
+ content-length leader to use an attacker can poision a web-cache, perform
+ an XSS attack and obtain senstive information from requests other then
+ their own. Tomcat now returns 400 for requests with multiple
+ content-length headers.
+ </p>
+
+ <p>Affects: 6.0.0-6.0.10</p>
+ </section>
+
<section name="Fixed in Apache Tomcat 6.0.10">
<p><strong>important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
@@ -51,6 +70,7 @@
<p>Affects: 6.0.0-6.0.9</p>
</section>
+
</body>
</document>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org