Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/03/03 01:26:56 UTC

svn commit: r514026 - in /tomcat/site/trunk/docs: security-jk.html security.html

Author: markt
Date: Fri Mar  2 16:26:54 2007
New Revision: 514026

URL: http://svn.apache.org/viewvc?view=rev&rev=514026
Log:
Add JK vulnerability list, including recently announced issue.

Added:
    tomcat/site/trunk/docs/security-jk.html   (with props)
Modified:
    tomcat/site/trunk/docs/security.html

Added: tomcat/site/trunk/docs/security-jk.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-jk.html?view=auto&rev=514026
==============================================================================
--- tomcat/site/trunk/docs/security-jk.html (added)
+++ tomcat/site/trunk/docs/security-jk.html Fri Mar  2 16:26:54 2007
@@ -0,0 +1,266 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<head>
+<title>Apache Tomcat - Apache Tomcat 6.x vulnerabilities</title>
+<meta name="author" value="Apache Tomcat Project"/>
+<meta name="email" value=""/>
+<link type="text/css" href="stylesheets/tomcat.css" rel="stylesheet"/>
+</head>
+<body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76">
+<table border="0" width="100%" cellspacing="0">
+<!--PAGE HEADER-->
+<tr>
+<td>
+<!--PROJECT LOGO-->
+<a href="http://tomcat.apache.org/">
+<img src="./images/tomcat.gif" align="left" alt="Tomcat Logo" border="0"/>
+</a>
+</td>
+<td>
+<font face="arial,helvetica,sanserif">
+<h1>Apache Tomcat</h1>
+</font>
+</td>
+<td>
+<!--APACHE LOGO-->
+<a href="http://www.apache.org/">
+<img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache Logo" border="0"/>
+</a>
+</td>
+</tr>
+</table>
+<div class="searchbox">
+<form action="http://www.google.com/search" method="get">
+<input value="tomcat.apache.org" name="sitesearch" type="hidden"/>
+<input value="Search the Site" size="25" name="q" id="query" type="text"/>
+<input name="Search" value="Search Site" type="submit"/>
+</form>
+</div>
+<table border="0" width="100%" cellspacing="4">
+<!--HEADER SEPARATOR-->
+<tr>
+<td colspan="2">
+<hr noshade="" size="1"/>
+</td>
+</tr>
+<tr>
+<!--LEFT SIDE NAVIGATION-->
+<td width="20%" valign="top" nowrap="true">
+<p>
+<strong>Apache Tomcat</strong>
+</p>
+<ul>
+<li>
+<a href="./index.html">Home</a>
+</li>
+</ul>
+<p>
+<strong>Download</strong>
+</p>
+<ul>
+<li>
+<a href="./whichversion.html">Which version?</a>
+</li>
+<li>
+<a href="./download-60.cgi">Tomcat 6.x</a>
+</li>
+<li>
+<a href="./download-55.cgi">Tomcat 5.x</a>
+</li>
+<li>
+<a href="./download-41.cgi">Tomcat 4.1</a>
+</li>
+<li>
+<a href="./download-33.cgi">Tomcat 3.3</a>
+</li>
+<li>
+<a href="./download-connectors.cgi">Tomcat Connectors</a>
+</li>
+<li>
+<a href="http://archive.apache.org/dist/tomcat">Archives</a>
+</li>
+</ul>
+<p>
+<strong>Documentation</strong>
+</p>
+<ul>
+<li>
+<a href="./tomcat-6.0-doc/index.html">Tomcat 6.0</a>
+</li>
+<li>
+<a href="./tomcat-5.5-doc/index.html">Tomcat 5.5</a>
+</li>
+<li>
+<a href="./tomcat-5.0-doc/index.html">Tomcat 5.0</a>
+</li>
+<li>
+<a href="./tomcat-4.1-doc/index.html">Tomcat 4.1</a>
+</li>
+<li>
+<a href="./tomcat-3.3-doc/index.html">Tomcat 3.3</a>
+</li>
+<li>
+<a href="./connectors-doc">Tomcat Connectors</a>
+</li>
+</ul>
+<p>
+<strong>Problems?</strong>
+</p>
+<ul>
+<li>
+<a href="./security.html">Security Reports</a>
+</li>
+<li>
+<a href="./findhelp.html">Find help</a>
+</li>
+<li>
+<a href="./faq/">FAQ</a>
+</li>
+<li>
+<a href="./lists.html">Mailing Lists</a>
+</li>
+<li>
+<a href="./bugreport.html">Bug Database</a>
+</li>
+<li>
+<a href="./irc.html">IRC</a>
+</li>
+</ul>
+<p>
+<strong>Get Involved</strong>
+</p>
+<ul>
+<li>
+<a href="./getinvolved.html">Overview</a>
+</li>
+<li>
+<a href="./svn.html">SVN Repositories</a>
+</li>
+<li>
+<a href="./lists.html">Mailing Lists</a>
+</li>
+</ul>
+<p>
+<strong>Misc</strong>
+</p>
+<ul>
+<li>
+<a href="./whoweare.html">Who We Are</a>
+</li>
+<li>
+<a href="./heritage.html">Heritage</a>
+</li>
+<li>
+<a href="http://www.apache.org">Apache Home</a>
+</li>
+<li>
+<a href="./resources.html">Resources</a>
+</li>
+<li>
+<a href="./contact.html">Contact</a>
+</li>
+<li>
+<a href="./legal.html">Legal</a>
+</li>
+</ul>
+</td>
+<!--RIGHT SIDE MAIN BODY-->
+<td width="80%" valign="top" align="left">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Apache Tomcat JK Connectors vulnerabilities">
+<strong>Apache Tomcat JK Connectors vulnerabilities</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>This page lists all security vulnerabilities fixed in released versions
+       of Apache Tomcat Jk Connectors. Each vulnerability is given a
+       <a href="security-impact.html">security impact rating</a> by the Apache
+       Tomcat security team - please note that this rating may vary from
+       platform to platform. We also list the versions of Apache Tomcat JK
+       Connectors the flaw is known to affect, and where a flaw has not been
+       verified list the version with a question mark.</p>
+
+    <p>This page has been created from a review of the Apache Tomcat archives
+       and the CVE list. Please send comments or corrections for these
+       vulnerabilities to the <a href="mailto:security@tomcat.apache.org">Tomcat
+       Security Team</a>.</p>
+
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat JK Connector 1.2.21">
+<strong>Fixed in Apache Tomcat JK Connector 1.2.21</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>critical: Arbitary code execution and denial of service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774">
+       CVE-2007-0774</a>
+</p>
+
+    <p>An unsafe memory copy in the URI handler for the native JK connector
+       could result in a stackoverflow condition which could be leveraged to
+       execute arbitary code or crash the web server.</p>
+
+    <p>Affects: JK 1.2.19-1.2.20<br/>
+       Source shipped with: Tomcat 4.1.34, 5.5.20</p>
+
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+<!--FOOTER SEPARATOR-->
+<tr>
+<td colspan="2">
+<hr noshade="" size="1"/>
+</td>
+</tr>
+<!--PAGE FOOTER-->
+<tr>
+<td colspan="2">
+<div align="center">
+<font color="#525D76" size="-1">
+<em>
+        Copyright © 1999-2006, The Apache Software Foundation
+        </em>
+</font>
+</div>
+</td>
+</tr>
+</table>
+</body>
+</html>
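Review bot: the <title> at the top of the new file reads "Apache Tomcat - Apache Tomcat 6.x vulnerabilities", but the page heading and anchors are "Apache Tomcat JK Connectors vulnerabilities". The title looks carried over from another page and should name the JK Connectors so the advisory is identifiable in browser tabs and search results. In the CVE-2007-0774 entry, "Arbitary" and "arbitary" should be "arbitrary", and "stackoverflow" should be "stack overflow". The intro paragraph uses both "Jk Connectors" and "JK Connectors"; pick one. The footer copyright range ends at 2006 although the file is dated 2007.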

Propchange: tomcat/site/trunk/docs/security-jk.html
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: tomcat/site/trunk/docs/security.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security.html?view=diff&rev=514026&r1=514025&r2=514026
==============================================================================
--- tomcat/site/trunk/docs/security.html (original)
+++ tomcat/site/trunk/docs/security.html Fri Mar  2 16:26:54 2007
@@ -205,6 +205,10 @@
 <a href="security-3.html">Apache Tomcat 3.x Security Vulnerabilitites
           </a>
 </li>
+      <li>
+<a href="security-jk.html">Apache Tomcat JK Connectors Security
+          Vulnerabilitites</a>
+</li>
     </ul>
   </blockquote>
 </p>
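Review bot: "Vulnerabilitites" in the added link text is misspelled and should be "Vulnerabilities". The same misspelling appears in the unchanged 3.x entry just above, so both are worth fixing in one pass. The added <li> is also indented differently from its own <a> and </li> lines, unlike the existing entry.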


