You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/04/19 04:15:39 UTC
svn commit: r530231 - in /tomcat/site/trunk: docs/security-4.html
docs/security-5.html xdocs/security-4.xml xdocs/security-5.xml
Author: markt
Date: Wed Apr 18 19:15:38 2007
New Revision: 530231
URL: http://svn.apache.org/viewvc?view=rev&rev=530231
Log:
More additions to the security pages.
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=530231&r1=530230&r2=530231
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Wed Apr 18 19:15:38 2007
@@ -352,6 +352,19 @@
<td>
<p>
<blockquote>
+
+ <p>
+<strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858">
+ CVE-2007-1858</a>
+</p>
+
+ <p>The default SSL configuration permitted the use of insecure cipher suites
+ including the anonymous cipher suite. The default configuration no
+ longer permits the use of insecure cipher suites.</p>
+
+ <p>Affects: 4.1.28-4.1.31</p>
+
<p>
<strong>low: Directory listing</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835">
Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=530231&r1=530230&r2=530231
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Wed Apr 18 19:15:38 2007
@@ -309,6 +309,76 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 5.5.18">
+<strong>Fixed in Apache Tomcat 5.5.18</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>moderate: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195">
+ CVE-2006-7195</a>
+</p>
+
+ <p>The implict-objects.jsp in the examples webapp displayed a number of
+ unfiltered header values. This enabled a XSS attack. These values are now
+ filtered.</p>
+
+ <p>Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.17</p>
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 5.5.17">
+<strong>Fixed in Apache Tomcat 5.5.17</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858">
+ CVE-2007-1858</a>
+</p>
+
+ <p>The default SSL configuration permitted the use of insecure cipher suites
+ including the anonymous cipher suite. The default configuration no
+ longer permits the use of insecure cipher suites.</p>
+
+ <p>Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.17</p>
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.13, 5.0.HEAD">
<strong>Fixed in Apache Tomcat 5.5.13, 5.0.HEAD</strong>
</a>
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=530231&r1=530230&r2=530231
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Wed Apr 18 19:15:38 2007
@@ -106,6 +106,17 @@
</section>
<section name="Fixed in Apache Tomcat 4.1.32">
+
+ <p><strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858">
+ CVE-2007-1858</a></p>
+
+ <p>The default SSL configuration permitted the use of insecure cipher suites
+ including the anonymous cipher suite. The default configuration no
+ longer permits the use of insecure cipher suites.</p>
+
+ <p>Affects: 4.1.28-4.1.31</p>
+
<p><strong>low: Directory listing</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835">
CVE-2006-3835</a></p>
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?view=diff&rev=530231&r1=530230&r2=530231
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Wed Apr 18 19:15:38 2007
@@ -76,6 +76,30 @@
<p>Affects: 5.5.0-5.5.21, 5.0.0-5.0.30</p>
</section>
+ <section name="Fixed in Apache Tomcat 5.5.18">
+ <p><strong>moderate: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195">
+ CVE-2006-7195</a></p>
+
+ <p>The implict-objects.jsp in the examples webapp displayed a number of
+ unfiltered header values. This enabled a XSS attack. These values are now
+ filtered.</p>
+
+ <p>Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.17</p>
+ </section>
+
+ <section name="Fixed in Apache Tomcat 5.5.17">
+ <p><strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858">
+ CVE-2007-1858</a></p>
+
+ <p>The default SSL configuration permitted the use of insecure cipher suites
+ including the anonymous cipher suite. The default configuration no
+ longer permits the use of insecure cipher suites.</p>
+
+ <p>Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.17</p>
+ </section>
+
<section name="Fixed in Apache Tomcat 5.5.13, 5.0.HEAD">
<p><strong>low: Directory listing</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org