Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/03/03 01:58:38 UTC
svn commit: r514035 - in /tomcat/site/trunk/xdocs: security-jk.xml security.xml
Author: markt
Date: Fri Mar 2 16:58:38 2007
New Revision: 514035
URL: http://svn.apache.org/viewvc?view=rev&rev=514035
Log:
Add JK vulnerability list, including recently announced issue.
Odd. These were missed in the last commit.
Added:
tomcat/site/trunk/xdocs/security-jk.xml (with props)
Modified:
tomcat/site/trunk/xdocs/security.xml
Added: tomcat/site/trunk/xdocs/security-jk.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-jk.xml?view=auto&rev=514035
==============================================================================
--- tomcat/site/trunk/xdocs/security-jk.xml (added)
+++ tomcat/site/trunk/xdocs/security-jk.xml Fri Mar 2 16:58:38 2007
@@ -0,0 +1,42 @@
+<?xml version="1.0"?>
+<document>
+
+ <properties>
+ <author>Apache Tomcat Project</author>
+ <title>Apache Tomcat 6.x vulnerabilities</title>
+ </properties>
+
+<body>
+
+ <section name="Apache Tomcat JK Connectors vulnerabilities">
+ <p>This page lists all security vulnerabilities fixed in released versions
+ of Apache Tomcat Jk Connectors. Each vulnerability is given a
+ <a href="security-impact.html">security impact rating</a> by the Apache
+ Tomcat security team - please note that this rating may vary from
+ platform to platform. We also list the versions of Apache Tomcat JK
+ Connectors the flaw is known to affect, and where a flaw has not been
+ verified list the version with a question mark.</p>
+
+ <p>This page has been created from a review of the Apache Tomcat archives
+ and the CVE list. Please send comments or corrections for these
+ vulnerabilities to the <a href="mailto:security@tomcat.apache.org">Tomcat
+ Security Team</a>.</p>
+
+ </section>
+
+ <section name="Fixed in Apache Tomcat JK Connector 1.2.21">
+ <p><strong>critical: Arbitary code execution and denial of service</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774">
+ CVE-2007-0774</a></p>
+
+ <p>An unsafe memory copy in the URI handler for the native JK connector
+ could result in a stackoverflow condition which could be leveraged to
+ execute arbitary code or crash the web server.</p>
+
+ <p>Affects: JK 1.2.19-1.2.20<br/>
+ Source shipped with: Tomcat 4.1.34, 5.5.20</p>
+
+ </section>
+</body>
+</document>
+
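Review bot: The <title> in the properties block reads "Apache Tomcat 6.x vulnerabilities", but this page covers the JK Connectors (the first section is named "Apache Tomcat JK Connectors vulnerabilities"), so the title looks carried over from another page and should be changed to match. In the 1.2.21 entry, "Arbitary" and "arbitary" should be "arbitrary" and "stackoverflow" should be "stack overflow"; in the intro paragraph, "Jk Connectors" should be "JK Connectors" for consistency with the rest of the page.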
Propchange: tomcat/site/trunk/xdocs/security-jk.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/site/trunk/xdocs/security.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?view=diff&rev=514035&r1=514034&r2=514035
==============================================================================
--- tomcat/site/trunk/xdocs/security.xml (original)
+++ tomcat/site/trunk/xdocs/security.xml Fri Mar 2 16:58:38 2007
@@ -21,6 +21,8 @@
</a></li>
<li><a href="security-3.html">Apache Tomcat 3.x Security Vulnerabilitites
</a></li>
+ <li><a href="security-jk.html">Apache Tomcat JK Connectors Security
+ Vulnerabilitites</a></li>
</ul>
</section>
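Review bot: The added link text spells "Vulnerabilitites", repeating the misspelling visible in the 3.x entry just above it. Use "Vulnerabilities" in the new entry, and correct the 3.x entry in the same change so the list stays consistent.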