Posted to dev@tomcat.apache.org by sc...@apache.org on 2011/09/10 03:51:50 UTC

svn commit: r1167434 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html docs/security-7.html xdocs/security-5.xml xdocs/security-6.xml xdocs/security-7.xml

Author: schultz
Date: Sat Sep 10 01:51:49 2011
New Revision: 1167434

URL: http://svn.apache.org/viewvc?rev=1167434&view=rev
Log:
Committed *all* files for CVE-2011-3190 mitigation options.

Modified:
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/docs/security-7.html
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml
    tomcat/site/trunk/xdocs/security-7.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1167434&r1=1167433&r2=1167434&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Sat Sep 10 01:51:49 2011
@@ -473,11 +473,12 @@
     <p>This was reported publicly on 20th August 2011.</p>
 
     <p>Affects: 5.5.0-5.5.33</p>
-
+    
     <p>Mitigation options:</p>  
     <ul>
       <li>Upgrade to Tomcat 5.5.34</li>
-      <li>Apply the appropriate <a href=" http://svn.apache.org/viewvc?rev=1162960&view=rev">patch</a></li>
+      <li>Apply the appropriate <a href=" http://svn.apache.org/viewvc?rev=1162960&amp;view=rev">patch</a>
+</li>
       <li>Configure both Tomcat and the reverse proxy to use a shared secret ("request.secret" attribute in &lt;Connector&gt;; "worker.<i>workername</i>.secret" for mod_jk; mod_proxy_ajp currently does not support shared secrets)</li>
       <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
     </ul>
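
Review bot: The href on the added patch-link line still starts with a space (href=" http://svn.apache.org/viewvc?rev=1162960&amp;view=rev"), so the leading space should be removed in the same change that fixes the &amp; escaping. The same value appears in the xdocs/security-5.xml hunk of this commit, so correct it there as well to keep the two files in step.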

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1167434&r1=1167433&r2=1167434&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Sat Sep 10 01:51:49 2011
@@ -368,7 +368,8 @@
     <p>Mitigation options:</p>  
     <ul>
       <li>Upgrade to Tomcat 6.0.34</li>
-      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?rev=1162959&view=rev">patch</a></li>
+      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?rev=1162959&amp;view=rev">patch</a>
+</li>
       <li>Configure both Tomcat and the reverse proxy to use a shared secret ("request.secret" attribute in &lt;Connector&gt;; "worker.<i>workername</i>.secret" for mod_jk; mod_proxy_ajp currently does not support shared secrets)</li>
       <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
     </ul>
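
Review bot: The closing </li> of the patch item now sits alone on the next line at column 0, while every other item in this list closes on its own line. If this file is generated output that is harmless, but otherwise keep </a></li> together so the hunk carries only the &amp; fix.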

Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1167434&r1=1167433&r2=1167434&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Sat Sep 10 01:51:49 2011
@@ -350,11 +350,12 @@
     <p>This was reported publicly on 20th August 2011.</p>
 
     <p>Affects: 7.0.0-7.0.20</p>
-
+  
     <p>Mitigation options:</p>  
     <ul>
       <li>Upgrade to Tomcat 7.0.21</li>
-      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?rev=1162958&view=rev">patch</a></li>
+      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?rev=1162958&amp;view=rev">patch</a>
+</li>
       <li>Configure both Tomcat and the reverse proxy to use a shared secret ("request.secret" attribute in &lt;Connector&gt;; "worker.<i>workername</i>.secret" for mod_jk; mod_proxy_ajp currently does not support shared secrets)</li>
     </ul>
   </blockquote>
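
Review bot: The empty line after "Affects: 7.0.0-7.0.20" is replaced by a line that holds only two spaces, which is whitespace-only churn and adds trailing whitespace. Leave the original empty line so this hunk is limited to the link change.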

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1167434&r1=1167433&r2=1167434&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Sat Sep 10 01:51:49 2011
@@ -164,6 +164,13 @@
 
     <p>Affects: 5.5.0-5.5.33</p>
     
+    <p>Mitigation options:</p>  
+    <ul>
+      <li>Upgrade to Tomcat 5.5.34</li>
+      <li>Apply the appropriate <a href=" http://svn.apache.org/viewvc?rev=1162960&amp;view=rev">patch</a></li>
+      <li>Configure both Tomcat and the reverse proxy to use a shared secret ("request.secret" attribute in &lt;Connector&gt;; "worker.<i>workername</i>.secret" for mod_jk; mod_proxy_ajp currently does not support shared secrets)</li>
+      <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
+    </ul>
   </section>
 
   <section name="Fixed in Apache Tomcat 5.5.32" rtext="released 1 Feb 2011">
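
Review bot: The last added item, "Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector", names a class but does not say how an administrator selects it, unlike the shared-secret item, which names the attributes to set. Add the Connector setting to change, or a link to the AJP connector documentation, so the mitigation can be applied from this page alone.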

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1167434&r1=1167433&r2=1167434&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Sat Sep 10 01:51:49 2011
@@ -64,6 +64,13 @@
 
     <p>Affects: 6.0.0-6.0.33</p>
   
+    <p>Mitigation options:</p>  
+    <ul>
+      <li>Upgrade to Tomcat 6.0.34</li>
+      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?rev=1162959&amp;view=rev">patch</a></li>
+      <li>Configure both Tomcat and the reverse proxy to use a shared secret ("request.secret" attribute in &lt;Connector&gt;; "worker.<i>workername</i>.secret" for mod_jk; mod_proxy_ajp currently does not support shared secrets)</li>
+      <li>Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector</li>
+    </ul>
   </section>
   
   <section name="Fixed in Apache Tomcat 6.0.33">
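
Review bot: The shared-secret item gives "request.secret" as the Connector attribute, the same name used on the 5.5 and 7.0 pages, but the AJP connectors in the org.apache.coyote.ajp package document the attribute as "requiredSecret". Please confirm which name applies to which connector on 6.0.x and state it here, since a misnamed attribute would leave the connector running without a secret.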

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1167434&r1=1167433&r2=1167434&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Sat Sep 10 01:51:49 2011
@@ -58,6 +58,12 @@
 
     <p>Affects: 7.0.0-7.0.20</p>
   
+    <p>Mitigation options:</p>  
+    <ul>
+      <li>Upgrade to Tomcat 7.0.21</li>
+      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?rev=1162958&amp;view=rev">patch</a></li>
+      <li>Configure both Tomcat and the reverse proxy to use a shared secret ("request.secret" attribute in &lt;Connector&gt;; "worker.<i>workername</i>.secret" for mod_jk; mod_proxy_ajp currently does not support shared secrets)</li>
+    </ul>
   </section>
 
   <section name="Fixed in Apache Tomcat 7.0.20">
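
Review bot: In the added shared-secret item, "mod_proxy_ajp currently does not support shared secrets" has no date or version attached, so the statement cannot be checked once the page ages. Say as of which date or httpd release this holds, and state plainly that this mitigation is therefore not available to mod_proxy_ajp deployments.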


