Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/02/06 12:32:14 UTC

svn commit: r1565181 - in /tomcat/site/trunk: build.xml docs/security-7.html docs/security-8.html xdocs/security-7.xml xdocs/security-8.xml

Author: markt
Date: Thu Feb  6 11:32:14 2014
New Revision: 1565181

URL: http://svn.apache.org/r1565181
Log:
Add details for CVE-2014-0050

Modified:
    tomcat/site/trunk/build.xml
    tomcat/site/trunk/docs/security-7.html
    tomcat/site/trunk/docs/security-8.html
    tomcat/site/trunk/xdocs/security-7.xml
    tomcat/site/trunk/xdocs/security-8.xml

Modified: tomcat/site/trunk/build.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/build.xml?rev=1565181&r1=1565180&r2=1565181&view=diff
==============================================================================
--- tomcat/site/trunk/build.xml (original)
+++ tomcat/site/trunk/build.xml Thu Feb  6 11:32:14 2014
@@ -211,4 +211,9 @@
     <available file="${destfile}" property="exist"/>
   </target>
 
+  <target name="fixeol">
+    <fixcrlf srcdir="${docs.dest}/tomcat-6.0-doc" eol="crlf"
+        encoding="ISO-8859-1" fixlast="false" >
+    </fixcrlf>
+  </target>
 </project>
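Review bot: the `<fixcrlf>` at `+    <fixcrlf srcdir="${docs.dest}/tomcat-6.0-doc" eol="crlf"` carries no file-name pattern (no `includes` attribute and no nested pattern), so it would rewrite the line endings of every file under `${docs.dest}/tomcat-6.0-doc`, including any non-text content, and it forces CRLF with `encoding="ISO-8859-1"` on the whole tree. This `fixeol` target is also unrelated to the commit log "Add details for CVE-2014-0050" and touches the 6.0 documentation while the rest of the change is about the 7.x and 8.x security pages; suggest dropping this hunk from this commit and, if the end-of-line conversion is wanted, scoping it with an explicit `includes` pattern in the build that produces the 6.0 docs.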

Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1565181&r1=1565180&r2=1565181&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Thu Feb  6 11:32:14 2014
@@ -200,6 +200,9 @@
 <a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a>
 </li>
 <li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.51">Fixed in Apache Tomcat 7.0.51</a>
+</li>
+<li>
 <a href="#Fixed_in_Apache_Tomcat_7.0.40">Fixed in Apache Tomcat 7.0.40</a>
 </li>
 <li>
@@ -305,6 +308,41 @@
 
   
 </div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.51">
+<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 7.0.51</h3>
+<div class="text">
+
+    
+<p>
+<strong>Important: Denial of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050" rel="nofollow">CVE-2014-0050</a>
+</p>
+
+    
+<p>It was possible to craft a malformed Content-Type header for a multipart
+       request that caused Apache Tomcat to enter an infinite loop. A malicious
+       user could, therefore, craft a malformed request that triggered a denial
+       of service.</p>
+    
+    
+<p>The root cause of this error was a bug in Apache Commons FileUpload.
+       Tomcat 7 uses a packaged renamed copy of Apache Commons FileUpload to
+       implement the requirement of the Servlet 3.0 specification to support the
+       processing of mime-multipart requests. Tomcat 7 was therefore affected by
+       this issue.</p>
+
+    
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1565169">1565169</a>.</p>
+
+    
+<p>This issue was reported to the Apache Software Foundation on 04 Feb 2014
+       and accidently made public on 06 Feb 2014.</p>
+
+    
+<p>Affects: 8.0.0-RC1-8.0.1</p>
+
+  
+</div>
 <h3 id="Fixed_in_Apache_Tomcat_7.0.40">
 <span style="float: right;">released 9 May 2013</span> Fixed in Apache Tomcat 7.0.40</h3>
 <div class="text">
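Review bot: the affected-version line `+<p>Affects: 8.0.0-RC1-8.0.1</p>` sits under `Fixed in Apache Tomcat 7.0.51` on the Tomcat 7.x page, so it lists the 8.x range instead of the 7.0.x versions this fix applies to; it should state the affected 7.0.x range. Two smaller points in the same hunk: "accidently" in `+       and accidently made public on 06 Feb 2014.</p>` should read "accidentally", and "packaged renamed copy" reads more clearly as "package-renamed copy". The identical text appears in xdocs/security-7.xml in this commit, so the corrections need to go there as well or the next site build will reintroduce them here.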

Modified: tomcat/site/trunk/docs/security-8.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1565181&r1=1565180&r2=1565181&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Thu Feb  6 11:32:14 2014
@@ -200,7 +200,7 @@
 <a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x vulnerabilities</a>
 </li>
 <li>
-<a href="#Fixed_in_Apache_Tomcat_8.0.0-RC1">Fixed in Apache Tomcat 8.0.0-RC1</a>
+<a href="#Fixed_in_Apache_Tomcat_8.0.2">Fixed in Apache Tomcat 8.0.2</a>
 </li>
 <li>
 <a href="#Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</a>
@@ -254,13 +254,39 @@
 
   
 </div>
-<h3 id="Fixed_in_Apache_Tomcat_8.0.0-RC1">
-<span style="float: right;">released 5 August 2013</span> Fixed in Apache Tomcat 8.0.0-RC1</h3>
+<h3 id="Fixed_in_Apache_Tomcat_8.0.2">
+<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 8.0.2</h3>
 <div class="text">
 
     
-<p>No reports</p>
+<p>
+<strong>Important: Denial of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050" rel="nofollow">CVE-2014-0050</a>
+</p>
+
     
+<p>It was possible to craft a malformed Content-Type header for a multipart
+       request that caused Apache Tomcat to enter an infinite loop. A malicious
+       user could, therefore, craft a malformed request that triggered a denial
+       of service.</p>
+    
+    
+<p>The root cause of this error was a bug in Apache Commons FileUpload.
+       Tomcat 8 uses a packaged renamed copy of Apache Commons FileUpload to
+       implement the requirement of the Servlet 3.0 and later specifications to
+       support the processing of mime-multipart requests. Tomcat 8 was therefore
+       affected by this issue.</p>
+
+    
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1565163">1565163</a>.</p>
+
+    
+<p>This issue was reported to the Apache Software Foundation on 04 Feb 2014
+       and accidently made public on 06 Feb 2014.</p>
+
+    
+<p>Affects: 8.0.0-RC1-8.0.1</p>
+
   
 </div>
 <h3 id="Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</h3>
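Review bot: the range in `+<p>Affects: 8.0.0-RC1-8.0.1</p>` is hard to read because the hyphen separating the two versions collides with the hyphen inside `8.0.0-RC1`; consider writing it as "8.0.0-RC1 to 8.0.1". The same "accidently" misspelling appears here as on the 7.x page. Note also that this hunk replaces the `Fixed in Apache Tomcat 8.0.0-RC1` section (`released 5 August 2013`, `No reports`) with the 8.0.2 section rather than inserting 8.0.2 above it; that is reasonable given the old section carried no reports, but the RC1 release date no longer appears on the page.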

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1565181&r1=1565180&r2=1565181&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Thu Feb  6 11:32:14 2014
@@ -50,6 +50,31 @@
 
   </section>
 
+  <section name="Fixed in Apache Tomcat 7.0.51" rtext="not yet released">
+
+    <p><strong>Important: Denial of Service</strong>
+       <cve>CVE-2014-0050</cve></p>
+
+    <p>It was possible to craft a malformed Content-Type header for a multipart
+       request that caused Apache Tomcat to enter an infinite loop. A malicious
+       user could, therefore, craft a malformed request that triggered a denial
+       of service.</p>
+    
+    <p>The root cause of this error was a bug in Apache Commons FileUpload.
+       Tomcat 7 uses a packaged renamed copy of Apache Commons FileUpload to
+       implement the requirement of the Servlet 3.0 specification to support the
+       processing of mime-multipart requests. Tomcat 7 was therefore affected by
+       this issue.</p>
+
+    <p>This was fixed in revision <revlink rev="1565169">1565169</revlink>.</p>
+
+    <p>This issue was reported to the Apache Software Foundation on 04 Feb 2014
+       and accidently made public on 06 Feb 2014.</p>
+
+    <p>Affects: 8.0.0-RC1-8.0.1</p>
+
+  </section>
+
   <section name="Fixed in Apache Tomcat 7.0.40" rtext="released 9 May 2013">
 
     <p><strong>Moderate: Information disclosure</strong>
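Review bot: `+    <p>Affects: 8.0.0-RC1-8.0.1</p>` in the new 7.0.51 section is the xdocs source of the wrong range on the generated docs/security-7.html in this commit; correct it here to the affected 7.0.x versions, and fix "accidently" and "packaged renamed" in the same place, so the regenerated HTML picks up the corrections. The `<cve>` and `<revlink>` elements match the markup used by the existing sections below, so no change is needed there.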

Modified: tomcat/site/trunk/xdocs/security-8.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1565181&r1=1565180&r2=1565181&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Thu Feb  6 11:32:14 2014
@@ -50,10 +50,29 @@
 
   </section>
 
-  <section name="Fixed in Apache Tomcat 8.0.0-RC1" rtext="released 5 August 2013">
+  <section name="Fixed in Apache Tomcat 8.0.2" rtext="not yet released">
 
-    <p>No reports</p>
+    <p><strong>Important: Denial of Service</strong>
+       <cve>CVE-2014-0050</cve></p>
+
+    <p>It was possible to craft a malformed Content-Type header for a multipart
+       request that caused Apache Tomcat to enter an infinite loop. A malicious
+       user could, therefore, craft a malformed request that triggered a denial
+       of service.</p>
     
+    <p>The root cause of this error was a bug in Apache Commons FileUpload.
+       Tomcat 8 uses a packaged renamed copy of Apache Commons FileUpload to
+       implement the requirement of the Servlet 3.0 and later specifications to
+       support the processing of mime-multipart requests. Tomcat 8 was therefore
+       affected by this issue.</p>
+
+    <p>This was fixed in revision <revlink rev="1565163">1565163</revlink>.</p>
+
+    <p>This issue was reported to the Apache Software Foundation on 04 Feb 2014
+       and accidently made public on 06 Feb 2014.</p>
+
+    <p>Affects: 8.0.0-RC1-8.0.1</p>
+
   </section>
 
   <section name="Not a vulnerability in Tomcat">
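Review bot: `+       and accidently made public on 06 Feb 2014.</p>` should read "accidentally" in this xdocs source, since the HTML in this commit is generated from it; the `8.0.0-RC1-8.0.1` range would also be clearer as "8.0.0-RC1 to 8.0.1". Otherwise the section follows the existing `<section name=... rtext=...>` convention and the removal of the empty 8.0.0-RC1 section is consistent with the generated docs/security-8.html change.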



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: svn commit: r1565181 - in /tomcat/site/trunk: build.xml docs/security-7.html docs/security-8.html xdocs/security-7.xml xdocs/security-8.xml

Posted by Mark Thomas <ma...@apache.org>.
On 06/02/2014 11:50, Konstantin Kolinko wrote:
> 2014-02-06  <ma...@apache.org>:
>> Author: markt
>> Date: Thu Feb  6 11:32:14 2014
>> New Revision: 1565181
>>
>> URL: http://svn.apache.org/r1565181
>> Log:
>> Add details for CVE-2014-0050
>>
>> Modified:
>>     tomcat/site/trunk/build.xml
>>     tomcat/site/trunk/docs/security-7.html
>>     tomcat/site/trunk/docs/security-8.html
>>     tomcat/site/trunk/xdocs/security-7.xml
>>     tomcat/site/trunk/xdocs/security-8.xml
>>
>> Modified: tomcat/site/trunk/build.xml
>> URL: http://svn.apache.org/viewvc/tomcat/site/trunk/build.xml?rev=1565181&r1=1565180&r2=1565181&view=diff
>> ==============================================================================
>> --- tomcat/site/trunk/build.xml (original)
>> +++ tomcat/site/trunk/build.xml Thu Feb  6 11:32:14 2014
>> @@ -211,4 +211,9 @@
>>      <available file="${destfile}" property="exist"/>
>>    </target>
>>
>> +  <target name="fixeol">
>> +    <fixcrlf srcdir="${docs.dest}/tomcat-6.0-doc" eol="crlf"
>> +        encoding="ISO-8859-1" fixlast="false" >
> 
> -1. Broken/dangerous.
> You are missing file name pattern here.
> 
> (A proper fix should go into 6.0.x dist.xml)

Sorry. That was a local hack I never intended to commit. I'll revert it.

Mark




Re: svn commit: r1565181 - in /tomcat/site/trunk: build.xml docs/security-7.html docs/security-8.html xdocs/security-7.xml xdocs/security-8.xml

Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-02-06  <ma...@apache.org>:
> Author: markt
> Date: Thu Feb  6 11:32:14 2014
> New Revision: 1565181
>
> URL: http://svn.apache.org/r1565181
> Log:
> Add details for CVE-2014-0050
>
> Modified:
>     tomcat/site/trunk/build.xml
>     tomcat/site/trunk/docs/security-7.html
>     tomcat/site/trunk/docs/security-8.html
>     tomcat/site/trunk/xdocs/security-7.xml
>     tomcat/site/trunk/xdocs/security-8.xml
>
> Modified: tomcat/site/trunk/build.xml
> URL: http://svn.apache.org/viewvc/tomcat/site/trunk/build.xml?rev=1565181&r1=1565180&r2=1565181&view=diff
> ==============================================================================
> --- tomcat/site/trunk/build.xml (original)
> +++ tomcat/site/trunk/build.xml Thu Feb  6 11:32:14 2014
> @@ -211,4 +211,9 @@
>      <available file="${destfile}" property="exist"/>
>    </target>
>
> +  <target name="fixeol">
> +    <fixcrlf srcdir="${docs.dest}/tomcat-6.0-doc" eol="crlf"
> +        encoding="ISO-8859-1" fixlast="false" >

-1. Broken/dangerous.
You are missing file name pattern here.

(A proper fix should go into 6.0.x dist.xml)

> +    </fixcrlf>
> +  </target>
>  </project>
>
> Modified: tomcat/site/trunk/docs/security-7.html
> URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1565181&r1=1565180&r2=1565181&view=diff
> ==============================================================================
> --- tomcat/site/trunk/docs/security-7.html (original)
> +++ tomcat/site/trunk/docs/security-7.html Thu Feb  6 11:32:14 2014
>  </div>
> +<h3 id="Fixed_in_Apache_Tomcat_7.0.51">
> +<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 7.0.51</h3>
> +<div class="text">
>(...)
> +
> +<p>Affects: 8.0.0-RC1-8.0.1</p>

This is a page for Tomcat 7.

> +
> +
> +</div>
>  <h3 id="Fixed_in_Apache_Tomcat_7.0.40">
>  <span style="float: right;">released 9 May 2013</span> Fixed in Apache Tomcat 7.0.40</h3>
>  <div class="text">
>
> Modified: tomcat/site/trunk/docs/security-8.html
> URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1565181&r1=1565180&r2=1565181&view=diff
> ==============================================================================
> --- tomcat/site/trunk/docs/security-8.html (original)
> +++ tomcat/site/trunk/docs/security-8.html Thu Feb  6 11:32:14 2014

OK.

Best regards,
Konstantin Kolinko
