You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2008/08/01 16:05:45 UTC
svn commit: r681699 - in /tomcat/site/trunk: docs/security-4.html
docs/security-5.html docs/security-6.html xdocs/security-4.xml
xdocs/security-5.xml xdocs/security-6.xml
Author: markt
Date: Fri Aug 1 07:05:44 2008
New Revision: 681699
URL: http://svn.apache.org/viewvc?rev=681699&view=rev
Log:
Update security pages.
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=681699&r1=681698&r2=681699&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Aug 1 07:05:44 2008
@@ -206,7 +206,6 @@
vulnerabilities in the 4.0.x branch will not be fixed. Users should
upgrade to 4.1.x, 5.5.x or 6.x to obtain security fixes.</p>
-
</blockquote>
</p>
</td>
@@ -298,6 +297,61 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 4.1.SVN">
+<strong>Fixed in Apache Tomcat 4.1.SVN</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+
+ <p>
+<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232">
+ CVE-2008-1232</a>
+</p>
+
+ <p>The message argument of HttpServletResponse.sendError() call is not only
+ displayed on the error page, but is also used for the reason-phrase of
+ HTTP response. This may include characters that are illegal in HTTP
+ headers. It is possible for a specially crafted message to result in
+ arbitrary content being injected into the HTTP response. For a successful
+ XSS attack, unfiltered user supplied data must be included in the message
+ argument.</p>
+
+ <p>Affects: 4.1.0-4.1.37</p>
+
+ <p>
+<strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370">
+ CVE-2008-2370</a>
+</p>
+
+ <p>When using a RequestDispatcher the target path was normalised before the
+ query string was removed. A request that included a specially crafted
+ request parameter could be used to access content that would otherwise be
+ protected by a security constraint or by locating it in under the WEB-INF
+ directory.</p>
+
+ <p>Affects: 4.1.0-4.1.37</p>
+
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 4.1.37">
<strong>Fixed in Apache Tomcat 4.1.37</strong>
</a>
Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=681699&r1=681698&r2=681699&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Fri Aug 1 07:05:44 2008
@@ -234,6 +234,22 @@
<blockquote>
<p>
<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232">
+ CVE-2008-1232</a>
+</p>
+
+ <p>The message argument of HttpServletResponse.sendError() call is not only
+ displayed on the error page, but is also used for the reason-phrase of
+ HTTP response. This may include characters that are illegal in HTTP
+ headers. It is possible for a specially crafted message to result in
+ arbitrary content being injected into the HTTP response. For a successful
+ XSS attack, unfiltered user supplied data must be included in the message
+ argument.</p>
+
+ <p>Affects: 5.5.0-5.5.26</p>
+
+ <p>
+<strong>low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947">
CVE-2008-1947</a>
</p>
@@ -245,6 +261,21 @@
have been completed.</p>
<p>Affects: 5.5.9-5.5.26</p>
+
+ <p>
+<strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370">
+ CVE-2008-2370</a>
+</p>
+
+ <p>When using a RequestDispatcher the target path was normalised before the
+ query string was removed. A request that included a specially crafted
+ request parameter could be used to access content that would otherwise be
+ protected by a security constraint or by locating it in under the WEB-INF
+ directory.</p>
+
+ <p>Affects: 5.5.0-5.5.26</p>
+
</blockquote>
</p>
</td>
Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=681699&r1=681698&r2=681699&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Aug 1 07:05:44 2008
@@ -216,8 +216,8 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 6.0.SVN">
-<strong>Fixed in Apache Tomcat 6.0.SVN</strong>
+<a name="Fixed in Apache Tomcat 6.0.18">
+<strong>Fixed in Apache Tomcat 6.0.18</strong>
</a>
</font>
</td>
@@ -228,6 +228,22 @@
<blockquote>
<p>
<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232">
+ CVE-2008-1232</a>
+</p>
+
+ <p>The message argument of HttpServletResponse.sendError() call is not only
+ displayed on the error page, but is also used for the reason-phrase of
+ HTTP response. This may include characters that are illegal in HTTP
+ headers. It is possible for a specially crafted message to result in
+ arbitrary content being injected into the HTTP response. For a successful
+ XSS attack, unfiltered user supplied data must be included in the message
+ argument.</p>
+
+ <p>Affects: 6.0.0-6.0.16</p>
+
+ <p>
+<strong>low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947">
CVE-2008-1947</a>
</p>
@@ -239,6 +255,20 @@
have been completed.</p>
<p>Affects: 6.0.0-6.0.16</p>
+
+ <p>
+<strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370">
+ CVE-2008-2370</a>
+</p>
+
+ <p>When using a RequestDispatcher the target path was normalised before the
+ query string was removed. A request that included a specially crafted
+ request parameter could be used to access content that would otherwise be
+ protected by a security constraint or by locating it in under the WEB-INF
+ directory.</p>
+
+ <p>Affects: 6.0.0-6.0.16</p>
</blockquote>
</p>
</td>
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=681699&r1=681698&r2=681699&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Fri Aug 1 07:05:44 2008
@@ -24,7 +24,6 @@
vulnerabilities in the 4.0.x branch will not be fixed. Users should
upgrade to 4.1.x, 5.5.x or 6.x to obtain security fixes.</p>
-
</section>
<section name="Will not be fixed in Apache Tomcat 4.1.x">
@@ -58,6 +57,36 @@
</section>
+ <section name="Fixed in Apache Tomcat 4.1.SVN">
+
+ <p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232">
+ CVE-2008-1232</a></p>
+
+ <p>The message argument of HttpServletResponse.sendError() call is not only
+ displayed on the error page, but is also used for the reason-phrase of
+ HTTP response. This may include characters that are illegal in HTTP
+ headers. It is possible for a specially crafted message to result in
+ arbitrary content being injected into the HTTP response. For a successful
+ XSS attack, unfiltered user supplied data must be included in the message
+ argument.</p>
+
+ <p>Affects: 4.1.0-4.1.37</p>
+
+ <p><strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370">
+ CVE-2008-2370</a></p>
+
+ <p>When using a RequestDispatcher the target path was normalised before the
+ query string was removed. A request that included a specially crafted
+ request parameter could be used to access content that would otherwise be
+ protected by a security constraint or by locating it in under the WEB-INF
+ directory.</p>
+
+ <p>Affects: 4.1.0-4.1.37</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 4.1.37">
<p><strong>important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164">
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=681699&r1=681698&r2=681699&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Fri Aug 1 07:05:44 2008
@@ -30,6 +30,20 @@
<section name="Fixed in Apache Tomcat 5.5.SVN">
<p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232">
+ CVE-2008-1232</a></p>
+
+ <p>The message argument of HttpServletResponse.sendError() call is not only
+ displayed on the error page, but is also used for the reason-phrase of
+ HTTP response. This may include characters that are illegal in HTTP
+ headers. It is possible for a specially crafted message to result in
+ arbitrary content being injected into the HTTP response. For a successful
+ XSS attack, unfiltered user supplied data must be included in the message
+ argument.</p>
+
+ <p>Affects: 5.5.0-5.5.26</p>
+
+ <p><strong>low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947">
CVE-2008-1947</a></p>
@@ -40,6 +54,19 @@
have been completed.</p>
<p>Affects: 5.5.9-5.5.26</p>
+
+ <p><strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370">
+ CVE-2008-2370</a></p>
+
+ <p>When using a RequestDispatcher the target path was normalised before the
+ query string was removed. A request that included a specially crafted
+ request parameter could be used to access content that would otherwise be
+ protected by a security constraint or by locating it in under the WEB-INF
+ directory.</p>
+
+ <p>Affects: 5.5.0-5.5.26</p>
+
</section>
<section name="Fixed in Apache Tomcat 5.5.26">
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=681699&r1=681698&r2=681699&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Fri Aug 1 07:05:44 2008
@@ -22,7 +22,21 @@
</section>
- <section name="Fixed in Apache Tomcat 6.0.SVN">
+ <section name="Fixed in Apache Tomcat 6.0.18">
+ <p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232">
+ CVE-2008-1232</a></p>
+
+ <p>The message argument of HttpServletResponse.sendError() call is not only
+ displayed on the error page, but is also used for the reason-phrase of
+ HTTP response. This may include characters that are illegal in HTTP
+ headers. It is possible for a specially crafted message to result in
+ arbitrary content being injected into the HTTP response. For a successful
+ XSS attack, unfiltered user supplied data must be included in the message
+ argument.</p>
+
+ <p>Affects: 6.0.0-6.0.16</p>
+
<p><strong>low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947">
CVE-2008-1947</a></p>
@@ -34,8 +48,21 @@
have been completed.</p>
<p>Affects: 6.0.0-6.0.16</p>
+
+ <p><strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370">
+ CVE-2008-2370</a></p>
+
+ <p>When using a RequestDispatcher the target path was normalised before the
+ query string was removed. A request that included a specially crafted
+ request parameter could be used to access content that would otherwise be
+ protected by a security constraint or by locating it in under the WEB-INF
+ directory.</p>
+
+ <p>Affects: 6.0.0-6.0.16</p>
</section>
+
<section name="Fixed in Apache Tomcat 6.0.16">
<p><strong>low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org