You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/03/17 02:07:17 UTC
svn commit: r519197 - in /tomcat/site/trunk: docs/security-4.html
docs/security-5.html docs/security-6.html docs/security.html
xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml
xdocs/security.xml
Author: markt
Date: Fri Mar 16 18:07:15 2007
New Revision: 519197
URL: http://svn.apache.org/viewvc?view=rev&rev=519197
Log:
Add CVE-2007-0450 to security pages.
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
tomcat/site/trunk/xdocs/security.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=519197&r1=519196&r2=519197
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Mar 16 18:07:15 2007
@@ -211,6 +211,61 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 4.1.35">
+<strong>Fixed in Apache Tomcat 4.1.35</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>important: Directory traversal</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
+ CVE-2007-0450</a>
+</p>
+
+ <p>Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
+ containing strings like "/\../" allow attackers to break out of the given
+ context. Additionally, when using Tomcat behind a proxy configured to
+ only proxy some contexts this permits access to non-proxied contexts.
+ When used behind a proxy it is recommended that Tomcat is secured as if
+ the proxy were not present.</p>
+
+ <p>The following Java startup options have been added to Tomcat to provide
+ additional control of the handling of '\' and '%5c' in URLs:
+ <ul>
+ <li>
+<code>
+ -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
+ </code>
+</li>
+ <li>
+<code>
+ -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
+ </code>
+</li>
+ </ul>
+ These options default to false.
+ </p>
+
+ <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.34</p>
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 4.1.32">
<strong>Fixed in Apache Tomcat 4.1.32</strong>
</a>
Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=519197&r1=519196&r2=519197
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Fri Mar 16 18:07:15 2007
@@ -211,6 +211,61 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 5.5.22, 5.0.HEAD">
+<strong>Fixed in Apache Tomcat 5.5.22, 5.0.HEAD</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>important: Directory traversal</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
+ CVE-2007-0450</a>
+</p>
+
+ <p>Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
+ containing strings like "/\../" allow attackers to break out of the given
+ context. Additionally, when using Tomcat behind a proxy configured to
+ only proxy some contexts this permits access to non-proxied contexts.
+ When used behind a proxy it is recommended that Tomcat is secured as if
+ the proxy were not present.</p>
+
+ <p>The following Java startup options have been added to Tomcat to provide
+ additional control of the handling of '\' and '%5c' in URLs:
+ <ul>
+ <li>
+<code>
+ -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
+ </code>
+</li>
+ <li>
+<code>
+ -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
+ </code>
+</li>
+ </ul>
+ These options default to false.
+ </p>
+
+ <p>Affects: 5.5.0-5.5.21, 5.0.0-5.0.30</p>
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.13, 5.0.HEAD">
<strong>Fixed in Apache Tomcat 5.5.13, 5.0.HEAD</strong>
</a>
Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?view=diff&rev=519197&r1=519196&r2=519197
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Mar 16 18:07:15 2007
@@ -211,8 +211,8 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 6.?.?">
-<strong>Fixed in Apache Tomcat 6.?.?</strong>
+<a name="Fixed in Apache Tomcat 6.0.10">
+<strong>Fixed in Apache Tomcat 6.0.10</strong>
</a>
</font>
</td>
@@ -221,7 +221,37 @@
<td>
<p>
<blockquote>
+ <p>
+<strong>important: Directory traversal</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
+ CVE-2007-0450</a>
+</p>
+ <p>Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
+ containing strings like "/\../" allow attackers to break out of the given
+ context. Additionally, when using Tomcat behind a proxy configured to
+ only proxy some contexts this permits access to non-proxied contexts.
+ When used behind a proxy it is recommended that Tomcat is secured as if
+ the proxy were not present.</p>
+
+ <p>The following Java startup options have been added to Tomcat to provide
+ additional control of the handling of '\' and '%5c' in URLs:
+ <ul>
+ <li>
+<code>
+ -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
+ </code>
+</li>
+ <li>
+<code>
+ -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
+ </code>
+</li>
+ </ul>
+ These options default to false.
+ </p>
+
+ <p>Affects: 6.0.0-6.0.9</p>
</blockquote>
</p>
</td>
Modified: tomcat/site/trunk/docs/security.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security.html?view=diff&rev=519197&r1=519196&r2=519197
==============================================================================
--- tomcat/site/trunk/docs/security.html (original)
+++ tomcat/site/trunk/docs/security.html Fri Mar 16 18:07:15 2007
@@ -184,8 +184,13 @@
<td>
<p>
<blockquote>
- <p>These pages are a work in progress. Additional information will be added
- as it is identified.</p>
+
+ <p>
+<strong>These pages are a work in progress.</strong> The intention is to
+ add most recently dislcosed vulnerabilitites first and then work
+ backwards in time. Please bear this in mind before reporting an
+ omission.</p>
+
<p>Lists of security problems fixed in released versions of Apache Tomcat
are available:</p>
<ul>
@@ -257,6 +262,35 @@
URL repeatedly). In general our philosophy is to avoid any attacks which
can cause the server to consume resources in a non-linear relationship to
the size of inputs.</p>
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Errors and omissions">
+<strong>Errors and omissions</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+
+ <p>Please report any errors or omissions to
+ <a href="mailto:security@tomcat.apache.org">security@tomcat.apache.org
+ </a>.
+ </p>
</blockquote>
</p>
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=519197&r1=519196&r2=519197
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Fri Mar 16 18:07:15 2007
@@ -24,6 +24,34 @@
</section>
+ <section name="Fixed in Apache Tomcat 4.1.35">
+ <p><strong>important: Directory traversal</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
+ CVE-2007-0450</a></p>
+
+ <p>Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
+ containing strings like "/\../" allow attackers to break out of the given
+ context. Additionally, when using Tomcat behind a proxy configured to
+ only proxy some contexts this permits access to non-proxied contexts.
+ When used behind a proxy it is recommended that Tomcat is secured as if
+ the proxy were not present.</p>
+
+ <p>The following Java startup options have been added to Tomcat to provide
+ additional control of the handling of '\' and '%5c' in URLs:
+ <ul>
+ <li><code>
+ -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
+ </code></li>
+ <li><code>
+ -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
+ </code></li>
+ </ul>
+ These options default to false.
+ </p>
+
+ <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.34</p>
+ </section>
+
<section name="Fixed in Apache Tomcat 4.1.32">
<p><strong>low: Directory listing</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835">
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?view=diff&rev=519197&r1=519196&r2=519197
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Fri Mar 16 18:07:15 2007
@@ -24,6 +24,34 @@
</section>
+ <section name="Fixed in Apache Tomcat 5.5.22, 5.0.HEAD">
+ <p><strong>important: Directory traversal</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
+ CVE-2007-0450</a></p>
+
+ <p>Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
+ containing strings like "/\../" allow attackers to break out of the given
+ context. Additionally, when using Tomcat behind a proxy configured to
+ only proxy some contexts this permits access to non-proxied contexts.
+ When used behind a proxy it is recommended that Tomcat is secured as if
+ the proxy were not present.</p>
+
+ <p>The following Java startup options have been added to Tomcat to provide
+ additional control of the handling of '\' and '%5c' in URLs:
+ <ul>
+ <li><code>
+ -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
+ </code></li>
+ <li><code>
+ -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
+ </code></li>
+ </ul>
+ These options default to false.
+ </p>
+
+ <p>Affects: 5.5.0-5.5.21, 5.0.0-5.0.30</p>
+ </section>
+
<section name="Fixed in Apache Tomcat 5.5.13, 5.0.HEAD">
<p><strong>low: Directory listing</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835">
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?view=diff&rev=519197&r1=519196&r2=519197
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Fri Mar 16 18:07:15 2007
@@ -24,8 +24,32 @@
</section>
- <section name="Fixed in Apache Tomcat 6.?.?">
+ <section name="Fixed in Apache Tomcat 6.0.10">
+ <p><strong>important: Directory traversal</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
+ CVE-2007-0450</a></p>
+ <p>Tomcat permits both '\' and '%5C' as path delimiters. A HTTP request
+ containing strings like "/\../" allow attackers to break out of the given
+ context. Additionally, when using Tomcat behind a proxy configured to
+ only proxy some contexts this permits access to non-proxied contexts.
+ When used behind a proxy it is recommended that Tomcat is secured as if
+ the proxy were not present.</p>
+
+ <p>The following Java startup options have been added to Tomcat to provide
+ additional control of the handling of '\' and '%5c' in URLs:
+ <ul>
+ <li><code>
+ -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true|false
+ </code></li>
+ <li><code>
+ -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true|false
+ </code></li>
+ </ul>
+ These options default to false.
+ </p>
+
+ <p>Affects: 6.0.0-6.0.9</p>
</section>
</body>
</document>
Modified: tomcat/site/trunk/xdocs/security.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?view=diff&rev=519197&r1=519196&r2=519197
==============================================================================
--- tomcat/site/trunk/xdocs/security.xml (original)
+++ tomcat/site/trunk/xdocs/security.xml Fri Mar 16 18:07:15 2007
@@ -8,8 +8,12 @@
<body>
<section name="Security Updates">
- <p>These pages are a work in progress. Additional information will be added
- as it is identified.</p>
+
+ <p><strong>These pages are a work in progress.</strong> The intention is to
+ add most recently dislcosed vulnerabilitites first and then work
+ backwards in time. Please bear this in mind before reporting an
+ omission.</p>
+
<p>Lists of security problems fixed in released versions of Apache Tomcat
are available:</p>
<ul>
@@ -47,6 +51,14 @@
URL repeatedly). In general our philosophy is to avoid any attacks which
can cause the server to consume resources in a non-linear relationship to
the size of inputs.</p>
+ </section>
+
+ <section name="Errors and omissions">
+
+ <p>Please report any errors or omissions to
+ <a href="mailto:security@tomcat.apache.org">security@tomcat.apache.org
+ </a>.
+ </p>
</section>
</body>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org