You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/02/25 00:44:03 UTC

svn commit: r511373 - in /tomcat/site/trunk: docs/security-3.html xdocs/security-3.xml

Author: markt
Date: Sat Feb 24 15:44:02 2007
New Revision: 511373

URL: http://svn.apache.org/viewvc?view=rev&rev=511373
Log:
Add documentation for CVE-2005-0808

Modified:
    tomcat/site/trunk/docs/security-3.html
    tomcat/site/trunk/xdocs/security-3.xml

Modified: tomcat/site/trunk/docs/security-3.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=511373&r1=511372&r2=511373
==============================================================================
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Sat Feb 24 15:44:02 2007
@@ -208,6 +208,43 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Not fixed in Apache Tomcat 3.x">
+<strong>Not fixed in Apache Tomcat 3.x</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>important: Remote denial of service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808">
+       CVE-2005-0808</a>
+</p>
+
+    <p>Tomcat 3.x can be remotely caused to crash or shutdown by a connection
+       sending the right sequence of bytes to the AJP12 protocol port (TCP 8007
+       by default). Tomcat 3.x users are advised to ensure that this port is
+       adequately firewalled to ensure it is not accessible to remote attackers.
+       There are no plans to issue a an update to Tomcat 3.x for this issue.</p>
+
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2</p>
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
 <a name="Fixed in Apache Tomcat 3.?.?">
 <strong>Fixed in Apache Tomcat 3.?.?</strong>
 </a>

Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=511373&r1=511372&r2=511373
==============================================================================
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Sat Feb 24 15:44:02 2007
@@ -24,6 +24,20 @@
 
   </section>
 
+  <section name="Not fixed in Apache Tomcat 3.x">
+    <p><strong>important: Remote denial of service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808">
+       CVE-2005-0808</a></p>
+
+    <p>Tomcat 3.x can be remotely caused to crash or shutdown by a connection
+       sending the right sequence of bytes to the AJP12 protocol port (TCP 8007
+       by default). Tomcat 3.x users are advised to ensure that this port is
+       adequately firewalled to ensure it is not accessible to remote attackers.
+       There are no plans to issue a an update to Tomcat 3.x for this issue.</p>
+
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2</p>
+  </section>
+
   <section name="Fixed in Apache Tomcat 3.?.?">
 
   </section>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org