You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/11/02 20:48:07 UTC
svn commit: r1196781 - in /tomcat/site/trunk: docs/ xdocs/
Author: kkolinko
Date: Wed Nov 2 19:48:05 2011
New Revision: 1196781
URL: http://svn.apache.org/viewvc?rev=1196781&view=rev
Log:
Be consistent in formatting security impact level names:
start them with an uppercase character.
Modified:
tomcat/site/trunk/docs/security-3.html
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/security-jk.html
tomcat/site/trunk/xdocs/security-3.xml
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
tomcat/site/trunk/xdocs/security-7.xml
tomcat/site/trunk/xdocs/security-jk.xml
Modified: tomcat/site/trunk/docs/security-3.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Wed Nov 2 19:48:05 2011
@@ -282,7 +282,7 @@
<blockquote>
<p>
-<strong>important: Denial of service</strong>
+<strong>Important: Denial of service</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808" rel="nofollow">CVE-2005-0808</a>
</p>
@@ -298,7 +298,7 @@
<p>
-<strong>low: Session hi-jacking</strong>
+<strong>Low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382" rel="nofollow">CVE-2007-3382</a>
</p>
@@ -312,7 +312,7 @@
<p>
-<strong>low: Cross site scripting</strong>
+<strong>Low: Cross site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3384" rel="nofollow">CVE-2007-3384</a>
</p>
@@ -327,7 +327,7 @@
<p>
-<strong>low: Session hi-jacking</strong>
+<strong>Low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385" rel="nofollow">CVE-2007-3385</a>
</p>
@@ -361,7 +361,7 @@
<blockquote>
<p>
-<strong>moderate: Cross site scripting</strong>
+<strong>Moderate: Cross site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0044" rel="nofollow">CVE-2003-0044</a>
</p>
@@ -395,7 +395,7 @@
<blockquote>
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0043" rel="nofollow">CVE-2003-0043</a>
</p>
@@ -409,7 +409,7 @@
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0042" rel="nofollow">CVE-2003-0042</a>
</p>
@@ -442,7 +442,7 @@
<blockquote>
<p>
-<strong>important: Denial of service</strong>
+<strong>Important: Denial of service</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0045" rel="nofollow">CVE-2003-0045</a>
</p>
@@ -476,7 +476,7 @@
<blockquote>
<p>
-<strong>moderate: Information disclosure</strong>
+<strong>Moderate: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007" rel="nofollow">CVE-2002-2007</a>
</p>
@@ -490,7 +490,7 @@
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006" rel="nofollow">CVE-2002-2006</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760" rel="nofollow">CVE-2000-0760</a>
</p>
@@ -524,7 +524,7 @@
<blockquote>
<p>
-<strong>moderate: Information disclosure</strong>
+<strong>Moderate: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1563" rel="nofollow">CVE-2001-1563</a>
<br>
</p>
@@ -557,7 +557,7 @@
<blockquote>
<p>
-<strong>moderate: Cross site scripting</strong>
+<strong>Moderate: Cross site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0829" rel="nofollow">CVE-2001-0829</a>
</p>
@@ -570,7 +570,7 @@
<p>
-<strong>moderate: Information disclosure</strong>
+<strong>Moderate: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590" rel="nofollow">CVE-2001-0590</a>
</p>
@@ -601,7 +601,7 @@
<blockquote>
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0759" rel="nofollow">CVE-2000-0759</a>
</p>
@@ -614,7 +614,7 @@
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0672" rel="nofollow">CVE-2000-0672</a>
</p>
@@ -648,7 +648,7 @@
<blockquote>
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210" rel="nofollow">CVE-2000-1210</a>
</p>
Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Wed Nov 2 19:48:05 2011
@@ -309,7 +309,7 @@
<blockquote>
<p>
-<strong>moderate: Information disclosure</strong>
+<strong>Moderate: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836" rel="nofollow">CVE-2005-4836</a>
</p>
@@ -387,7 +387,7 @@
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580" rel="nofollow">CVE-2009-0580</a>
</p>
@@ -408,7 +408,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781" rel="nofollow">CVE-2009-0781</a>
</p>
@@ -425,7 +425,7 @@
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783" rel="nofollow">CVE-2009-0783</a>
</p>
@@ -466,7 +466,7 @@
<p>
-<strong>moderate: Session hi-jacking</strong>
+<strong>Moderate: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128" rel="nofollow">CVE-2008-0128</a>
</p>
@@ -484,7 +484,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232" rel="nofollow">CVE-2008-1232</a>
</p>
@@ -505,7 +505,7 @@
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370" rel="nofollow">CVE-2008-2370</a>
</p>
@@ -544,7 +544,7 @@
<blockquote>
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164" rel="nofollow">CVE-2005-3164</a>
</p>
@@ -560,7 +560,7 @@
<p>
-<strong>moderate: Cross-site scripting</strong>
+<strong>Moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355" rel="nofollow">CVE-2007-1355</a>
</p>
@@ -575,7 +575,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449" rel="nofollow">CVE-2007-2449</a>
</p>
@@ -593,7 +593,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450" rel="nofollow">CVE-2007-2450</a>
</p>
@@ -609,7 +609,7 @@
<p>
-<strong>low: Session hi-jacking</strong>
+<strong>Low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382" rel="nofollow">CVE-2007-3382</a>
</p>
@@ -623,7 +623,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3383" rel="nofollow">CVE-2007-3383</a>
</p>
@@ -641,7 +641,7 @@
<p>
-<strong>low: Session hi-jacking</strong>
+<strong>Low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385" rel="nofollow">CVE-2007-3385</a>
</p>
@@ -655,7 +655,7 @@
<p>
-<strong>low: Session hi-jacking</strong>
+<strong>Low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333" rel="nofollow">CVE-2007-5333</a>
</p>
@@ -669,7 +669,7 @@
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461" rel="nofollow">CVE-2007-5461</a>
</p>
@@ -704,7 +704,7 @@
<blockquote>
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090" rel="nofollow">CVE-2005-2090</a>
</p>
@@ -725,7 +725,7 @@
<p>
-<strong>important: Directory traversal</strong>
+<strong>Important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450" rel="nofollow">CVE-2007-0450</a>
</p>
@@ -778,7 +778,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358" rel="nofollow">CVE-2007-1358</a>
</p>
@@ -817,7 +817,7 @@
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308" rel="nofollow">CVE-2008-4308</a>
</p>
@@ -855,7 +855,7 @@
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271" rel="nofollow">CVE-2008-3271</a>
</p>
@@ -873,7 +873,7 @@
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858" rel="nofollow">CVE-2007-1858</a>
</p>
@@ -887,7 +887,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196" rel="nofollow">CVE-2006-7196</a>
</p>
@@ -901,7 +901,7 @@
<p>
-<strong>low: Directory listing</strong>
+<strong>Low: Directory listing</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835" rel="nofollow">CVE-2006-3835</a>
</p>
@@ -918,7 +918,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838" rel="nofollow">CVE-2005-4838</a>
</p>
@@ -932,7 +932,7 @@
<p>
-<strong>important: Denial of service</strong>
+<strong>Important: Denial of service</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510" rel="nofollow">CVE-2005-3510</a>
</p>
@@ -970,7 +970,7 @@
<blockquote>
<p>
-<strong>moderate: Cross-site scripting</strong>
+<strong>Moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1567" rel="nofollow">CVE-2002-1567</a>
</p>
@@ -1006,7 +1006,7 @@
<blockquote>
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1394" rel="nofollow">CVE-2002-1394</a>
</p>
@@ -1024,7 +1024,7 @@
<p>
-<strong>moderate: Cross-site scripting</strong>
+<strong>Moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0682" rel="nofollow">CVE-2002-0682</a>
</p>
@@ -1057,7 +1057,7 @@
<blockquote>
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1148" rel="nofollow">CVE-2002-1148</a>
</p>
@@ -1089,7 +1089,7 @@
<blockquote>
<p>
-<strong>important: Denial of service</strong>
+<strong>Important: Denial of service</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935" rel="nofollow">CVE-2002-0935</a>
</p>
@@ -1123,7 +1123,7 @@
<blockquote>
<p>
-<strong>important: Denial of service</strong>
+<strong>Important: Denial of service</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0866" rel="nofollow">CVE-2003-0866</a>
</p>
@@ -1137,7 +1137,7 @@
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006" rel="nofollow">CVE-2002-2006</a>
</p>
@@ -1170,7 +1170,7 @@
<blockquote>
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2009" rel="nofollow">CVE-2002-2009</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0917" rel="nofollow">CVE-2001-0917</a>
</p>
@@ -1205,7 +1205,7 @@
<blockquote>
<p>
-<strong>moderate: Security manager bypass</strong>
+<strong>Moderate: Security manager bypass</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0493" rel="nofollow">CVE-2002-0493</a>
</p>
@@ -1237,7 +1237,7 @@
<blockquote>
<p>
-<strong>low: Installation path disclosure</strong>
+<strong>Low: Installation path disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4703" rel="nofollow">CVE-2005-4703</a>,
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2008" rel="nofollow">CVE-2002-2008</a>
</p>
@@ -1255,7 +1255,7 @@
<p>
-<strong>important: Denial of service</strong>
+<strong>Important: Denial of service</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1895" rel="nofollow">CVE-2002-1895</a>
</p>
@@ -1290,7 +1290,7 @@
<blockquote>
<p>
-<strong>important: Directory traversal</strong>
+<strong>Important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938" rel="nofollow">CVE-2008-2938</a>
</p>
Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Wed Nov 2 19:48:05 2011
@@ -592,7 +592,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013" rel="nofollow">CVE-2011-0013</a>
</p>
@@ -635,7 +635,7 @@
<p>
-<strong>low: SecurityManager file permission bypass</strong>
+<strong>Low: SecurityManager file permission bypass</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718" rel="nofollow">CVE-2010-3718</a>
</p>
@@ -899,7 +899,7 @@
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580" rel="nofollow">CVE-2009-0580</a>
</p>
@@ -924,7 +924,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781" rel="nofollow">CVE-2009-0781</a>
</p>
@@ -945,7 +945,7 @@
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783" rel="nofollow">CVE-2009-0783</a>
</p>
@@ -990,7 +990,7 @@
<blockquote>
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232" rel="nofollow">CVE-2008-1232</a>
</p>
@@ -1015,7 +1015,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947" rel="nofollow">CVE-2008-1947</a>
</p>
@@ -1038,7 +1038,7 @@
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370" rel="nofollow">CVE-2008-2370</a>
</p>
@@ -1081,7 +1081,7 @@
<blockquote>
<p>
-<strong>low: Session hi-jacking</strong>
+<strong>Low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333" rel="nofollow">CVE-2007-5333</a>
</p>
@@ -1094,7 +1094,7 @@
<p>
-<strong>low: Elevated privileges</strong>
+<strong>Low: Elevated privileges</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342" rel="nofollow">CVE-2007-5342</a>
</p>
@@ -1110,7 +1110,7 @@
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461" rel="nofollow">CVE-2007-5461</a>
</p>
@@ -1125,7 +1125,7 @@
<p>
-<strong>important: Data integrity</strong>
+<strong>Important: Data integrity</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286" rel="nofollow">CVE-2007-6286</a>
</p>
@@ -1158,7 +1158,7 @@
<blockquote>
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449" rel="nofollow">CVE-2007-2449</a>
</p>
@@ -1176,7 +1176,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450" rel="nofollow">CVE-2007-2450</a>
</p>
@@ -1192,7 +1192,7 @@
<p>
-<strong>low: Session hi-jacking</strong>
+<strong>Low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382" rel="nofollow">CVE-2007-3382</a>
</p>
@@ -1206,7 +1206,7 @@
<p>
-<strong>low: Session hi-jacking</strong>
+<strong>Low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385" rel="nofollow">CVE-2007-3385</a>
</p>
@@ -1220,7 +1220,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386" rel="nofollow">CVE-2007-3386</a>
</p>
@@ -1253,7 +1253,7 @@
<blockquote>
<p>
-<strong>moderate: Cross-site scripting</strong>
+<strong>Moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355" rel="nofollow">CVE-2007-1355</a>
</p>
@@ -1288,7 +1288,7 @@
<blockquote>
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090" rel="nofollow">CVE-2005-2090</a>
</p>
@@ -1328,7 +1328,7 @@
<blockquote>
<p>
-<strong>important: Directory traversal</strong>
+<strong>Important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450" rel="nofollow">CVE-2007-0450</a>
</p>
@@ -1397,7 +1397,7 @@
<blockquote>
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358" rel="nofollow">CVE-2007-1358</a>
</p>
@@ -1435,7 +1435,7 @@
<blockquote>
<p>
-<strong>moderate: Session hi-jacking</strong>
+<strong>Moderate: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128" rel="nofollow">CVE-2008-0128</a>
</p>
@@ -1450,7 +1450,7 @@
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308" rel="nofollow">CVE-2008-4308</a>
</p>
@@ -1487,7 +1487,7 @@
<blockquote>
<p>
-<strong>moderate: Cross-site scripting</strong>
+<strong>Moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195" rel="nofollow">CVE-2006-7195</a>
</p>
@@ -1520,7 +1520,7 @@
<blockquote>
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858" rel="nofollow">CVE-2007-1858</a>
</p>
@@ -1553,7 +1553,7 @@
<blockquote>
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196" rel="nofollow">CVE-2006-7196</a>
</p>
@@ -1586,7 +1586,7 @@
<blockquote>
<p>
-<strong>low: Directory listing</strong>
+<strong>Low: Directory listing</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835" rel="nofollow">CVE-2006-3835</a>
</p>
@@ -1603,7 +1603,7 @@
<p>
-<strong>important: Denial of service</strong>
+<strong>Important: Denial of service</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510" rel="nofollow">CVE-2005-3510</a>
</p>
@@ -1641,7 +1641,7 @@
<blockquote>
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838" rel="nofollow">CVE-2005-4838</a>
</p>
@@ -1674,7 +1674,7 @@
<blockquote>
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271" rel="nofollow">CVE-2008-3271</a>
</p>
@@ -1738,7 +1738,7 @@
<p>
-<strong>moderate: TLS SSL Man In The Middle</strong>
+<strong>Moderate: TLS SSL Man In The Middle</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" rel="nofollow">CVE-2009-3555</a>
</p>
@@ -1802,7 +1802,7 @@
<p>
-<strong>important: Directory traversal</strong>
+<strong>Important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938" rel="nofollow">CVE-2008-2938</a>
</p>
Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Wed Nov 2 19:48:05 2011
@@ -642,7 +642,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013" rel="nofollow">CVE-2011-0013</a>
</p>
@@ -664,7 +664,7 @@
<p>
-<strong>moderate: Cross-site scripting</strong>
+<strong>Moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172" rel="nofollow">CVE-2010-4172</a>
</p>
@@ -685,7 +685,7 @@
<p>
-<strong>low: SecurityManager file permission bypass</strong>
+<strong>Low: SecurityManager file permission bypass</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718" rel="nofollow">CVE-2010-3718</a>
</p>
@@ -995,7 +995,7 @@
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580" rel="nofollow">CVE-2009-0580</a>
</p>
@@ -1017,7 +1017,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781" rel="nofollow">CVE-2009-0781</a>
</p>
@@ -1038,7 +1038,7 @@
<p>
-<strong>low: Information disclosure</strong>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783" rel="nofollow">CVE-2009-0783</a>
</p>
@@ -1091,7 +1091,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232" rel="nofollow">CVE-2008-1232</a>
</p>
@@ -1115,7 +1115,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947" rel="nofollow">CVE-2008-1947</a>
</p>
@@ -1138,7 +1138,7 @@
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370" rel="nofollow">CVE-2008-2370</a>
</p>
@@ -1181,7 +1181,7 @@
<blockquote>
<p>
-<strong>low: Session hi-jacking</strong>
+<strong>Low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333" rel="nofollow">CVE-2007-5333</a>
</p>
@@ -1194,7 +1194,7 @@
<p>
-<strong>low: Elevated privileges</strong>
+<strong>Low: Elevated privileges</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342" rel="nofollow">CVE-2007-5342</a>
</p>
@@ -1210,7 +1210,7 @@
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461" rel="nofollow">CVE-2007-5461</a>
</p>
@@ -1225,7 +1225,7 @@
<p>
-<strong>important: Data integrity</strong>
+<strong>Important: Data integrity</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286" rel="nofollow">CVE-2007-6286</a>
</p>
@@ -1239,7 +1239,7 @@
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002" rel="nofollow">CVE-2008-0002</a>
</p>
@@ -1274,7 +1274,7 @@
<blockquote>
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449" rel="nofollow">CVE-2007-2449</a>
</p>
@@ -1292,7 +1292,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450" rel="nofollow">CVE-2007-2450</a>
</p>
@@ -1308,7 +1308,7 @@
<p>
-<strong>low: Session hi-jacking</strong>
+<strong>Low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382" rel="nofollow">CVE-2007-3382</a>
</p>
@@ -1322,7 +1322,7 @@
<p>
-<strong>low: Session hi-jacking</strong>
+<strong>Low: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385" rel="nofollow">CVE-2007-3385</a>
</p>
@@ -1336,7 +1336,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386" rel="nofollow">CVE-2007-3386</a>
</p>
@@ -1369,7 +1369,7 @@
<blockquote>
<p>
-<strong>moderate: Cross-site scripting</strong>
+<strong>Moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355" rel="nofollow">CVE-2007-1355</a>
</p>
@@ -1384,7 +1384,7 @@
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090" rel="nofollow">CVE-2005-2090</a>
</p>
@@ -1424,7 +1424,7 @@
<blockquote>
<p>
-<strong>important: Directory traversal</strong>
+<strong>Important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450" rel="nofollow">CVE-2007-0450</a>
</p>
@@ -1488,7 +1488,7 @@
<blockquote>
<p>
-<strong>moderate: Session hi-jacking</strong>
+<strong>Moderate: Session hi-jacking</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128" rel="nofollow">CVE-2008-0128</a>
</p>
@@ -1522,7 +1522,7 @@
<blockquote>
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358" rel="nofollow">CVE-2007-1358</a>
</p>
@@ -1587,7 +1587,7 @@
<p>
-<strong>moderate: TLS SSL Man In The Middle</strong>
+<strong>Moderate: TLS SSL Man In The Middle</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" rel="nofollow">CVE-2009-3555</a>
</p>
@@ -1652,7 +1652,7 @@
<p>
-<strong>important: Directory traversal</strong>
+<strong>Important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938" rel="nofollow">CVE-2008-2938</a>
</p>
Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Wed Nov 2 19:48:05 2011
@@ -850,7 +850,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013" rel="nofollow">CVE-2011-0013</a>
</p>
@@ -893,7 +893,7 @@
<p>
-<strong>low: Cross-site scripting</strong>
+<strong>Low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172" rel="nofollow">CVE-2010-4172</a>
</p>
@@ -936,7 +936,7 @@
<p>
-<strong>low: SecurityManager file permission bypass</strong>
+<strong>Low: SecurityManager file permission bypass</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718" rel="nofollow">CVE-2010-3718</a>
</p>
@@ -1068,7 +1068,7 @@
<p>
-<strong>moderate: TLS SSL Man In The Middle</strong>
+<strong>Moderate: TLS SSL Man In The Middle</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" rel="nofollow">CVE-2009-3555</a>
</p>
Modified: tomcat/site/trunk/docs/security-jk.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-jk.html?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-jk.html (original)
+++ tomcat/site/trunk/docs/security-jk.html Wed Nov 2 19:48:05 2011
@@ -264,7 +264,7 @@
<blockquote>
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519" rel="nofollow">CVE-2008-5519</a>
</p>
@@ -304,7 +304,7 @@
<blockquote>
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860" rel="nofollow">CVE-2007-1860</a>
</p>
@@ -366,7 +366,7 @@
<blockquote>
<p>
-<strong>critical: Arbitrary code execution and denial of service</strong>
+<strong>Critical: Arbitrary code execution and denial of service</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774" rel="nofollow">CVE-2007-0774</a>
</p>
@@ -401,7 +401,7 @@
<blockquote>
<p>
-<strong>important: Information disclosure</strong>
+<strong>Important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7197" rel="nofollow">CVE-2006-7197</a>
</p>
Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Wed Nov 2 19:48:05 2011
@@ -31,7 +31,7 @@
</section>
<section name="Not fixed in Apache Tomcat 3.x">
- <p><strong>important: Denial of service</strong>
+ <p><strong>Important: Denial of service</strong>
<cve>CVE-2005-0808</cve></p>
<p>Tomcat 3.x can be remotely caused to crash or shutdown by a connection
@@ -42,7 +42,7 @@
<p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.2</p>
- <p><strong>low: Session hi-jacking</strong>
+ <p><strong>Low: Session hi-jacking</strong>
<cve>CVE-2007-3382</cve></p>
<p>Tomcat incorrectly treated a single quote character (') in a cookie
@@ -51,7 +51,7 @@
<p>Affects: 3.3-3.3.2</p>
- <p><strong>low: Cross site scripting</strong>
+ <p><strong>Low: Cross site scripting</strong>
<cve>CVE-2007-3384</cve></p>
<p>When reporting error messages, Tomcat does not filter user supplied data
@@ -62,7 +62,7 @@
<p>Affects: 3.3-3.3.2</p>
- <p><strong>low: Session hi-jacking</strong>
+ <p><strong>Low: Session hi-jacking</strong>
<cve>CVE-2007-3385</cve></p>
<p>Tomcat incorrectly handled the character sequence \" in a cookie value.
@@ -74,7 +74,7 @@
</section>
<section name="Fixed in Apache Tomcat 3.3.2">
- <p><strong>moderate: Cross site scripting</strong>
+ <p><strong>Moderate: Cross site scripting</strong>
<cve>CVE-2003-0044</cve></p>
<p>The root web application and the examples web application contained a
@@ -86,7 +86,7 @@
</section>
<section name="Fixed in Apache Tomcat 3.3.1a">
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2003-0043</cve></p>
<p>When used with JDK 1.3.1 or earlier, web.xml files were read with
@@ -95,7 +95,7 @@
<p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p>
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2003-0042</cve></p>
<p>URLs containing null characters could result in file contents being
@@ -106,7 +106,7 @@
</section>
<section name="Fixed in Apache Tomcat 3.3.1">
- <p><strong>important: Denial of service</strong>
+ <p><strong>Important: Denial of service</strong>
<cve>CVE-2003-0045</cve></p>
<p>JSP page names that match a Windows DOS device name, such as aux.jsp, may
@@ -118,7 +118,7 @@
</section>
<section name="Fixed in Apache Tomcat 3.3a">
- <p><strong>moderate: Information disclosure</strong>
+ <p><strong>Moderate: Information disclosure</strong>
<cve>CVE-2002-2007</cve></p>
<p>Non-standard requests to the sample applications installed by default
@@ -127,7 +127,7 @@
<p>Affects: 3.2.3-3.2.4</p>
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2002-2006</cve>,
<cve>CVE-2000-0760</cve></p>
@@ -139,7 +139,7 @@
</section>
<section name="Fixed in Apache Tomcat 3.2.4">
- <p><strong>moderate: Information disclosure</strong>
+ <p><strong>Moderate: Information disclosure</strong>
<cve>CVE-2001-1563</cve><br/></p>
<p>No specifics are provided in the vulnerability report. This may be a
@@ -149,7 +149,7 @@
</section>
<section name="Fixed in Apache Tomcat 3.2.2">
- <p><strong>moderate: Cross site scripting</strong>
+ <p><strong>Moderate: Cross site scripting</strong>
<cve>CVE-2001-0829</cve></p>
<p>The default 404 error page does not escape URLs. This allows XSS
@@ -157,7 +157,7 @@
<p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p>
- <p><strong>moderate: Information disclosure</strong>
+ <p><strong>Moderate: Information disclosure</strong>
<cve>CVE-2001-0590</cve></p>
<p>A specially crafted URL can be used to obtain the source for JSPs.</p>
@@ -166,7 +166,7 @@
</section>
<section name="Fixed in Apache Tomcat 3.2">
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2000-0759</cve></p>
<p>Requesting a JSP that does not exist results in an error page that
@@ -174,7 +174,7 @@
<p>Affects: 3.1</p>
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2000-0672</cve></p>
<p>Access to the admin context is not protected. This context allows an
@@ -186,7 +186,7 @@
</section>
<section name="Fixed in Apache Tomcat 3.1">
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2000-1210</cve></p>
<p>source.jsp, provided as part of the examples, allows an attacker to read
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Wed Nov 2 19:48:05 2011
@@ -35,7 +35,7 @@
</section>
<section name="Will not be fixed in Apache Tomcat 4.1.x">
- <p><strong>moderate: Information disclosure</strong>
+ <p><strong>Moderate: Information disclosure</strong>
<cve>CVE-2005-4836</cve></p>
<p>The deprecated HTTP/1.1 connector does not reject request URIs containing
@@ -79,7 +79,7 @@
<p>Affects: 4.1.0-4.1.39</p>
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2009-0580</cve></p>
<p>Due to insufficient error checking in some authentication classes, Tomcat
@@ -94,7 +94,7 @@
<p>Affects: 4.1.0-4.1.39 (Memory Realm), 4.1.0-4.1.31 (JDBC Realm),
4.1.17-4.1.31 (DataSource Realm)</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2009-0781</cve></p>
<p>The calendar application in the examples web application contains an
@@ -105,7 +105,7 @@
<p>Affects: 4.1.0-4.1.39</p>
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2009-0783</cve></p>
<p>Bugs <bug>29936</bug> and <bug>45933</bug>
@@ -123,7 +123,7 @@
<section name="Fixed in Apache Tomcat 4.1.39">
- <p><strong>moderate: Session hi-jacking</strong>
+ <p><strong>Moderate: Session hi-jacking</strong>
<cve>CVE-2008-0128</cve></p>
<p>When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is
@@ -135,7 +135,7 @@
<p>Affects: 4.1.0-4.1.37</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2008-1232</cve></p>
<p>The message argument of HttpServletResponse.sendError() call is not only
@@ -150,7 +150,7 @@
<p>Affects: 4.1.0-4.1.37</p>
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2008-2370</cve></p>
<p>When using a RequestDispatcher the target path was normalised before the
@@ -166,7 +166,7 @@
</section>
<section name="Fixed in Apache Tomcat 4.1.37">
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2005-3164</cve></p>
<p>If a client specifies a Content-Length but disconnects before sending
@@ -177,7 +177,7 @@
<p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
- <p><strong>moderate: Cross-site scripting</strong>
+ <p><strong>Moderate: Cross-site scripting</strong>
<cve>CVE-2007-1355</cve></p>
<p>The JSP and Servlet included in the sample application within the Tomcat
@@ -187,7 +187,7 @@
<p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-2449</cve></p>
<p>JSPs within the examples web application did not escape user provided
@@ -200,7 +200,7 @@
<p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.36</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-2450</cve></p>
<p>The Manager web application did not escape user provided data before
@@ -211,7 +211,7 @@
<p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
- <p><strong>low: Session hi-jacking</strong>
+ <p><strong>Low: Session hi-jacking</strong>
<cve>CVE-2007-3382</cve></p>
<p>Tomcat incorrectly treated a single quote character (') in a cookie
@@ -220,7 +220,7 @@
<p>Affects: 4.1.0-4.1.36</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-3383</cve></p>
<p>When reporting error messages, the SendMailServlet (part of the examples
@@ -233,7 +233,7 @@
<p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.36</p>
- <p><strong>low: Session hi-jacking</strong>
+ <p><strong>Low: Session hi-jacking</strong>
<cve>CVE-2007-3385</cve></p>
<p>Tomcat incorrectly handled the character sequence \" in a cookie value.
@@ -242,7 +242,7 @@
<p>Affects: 4.1.0-4.1.36</p>
- <p><strong>low: Session hi-jacking</strong>
+ <p><strong>Low: Session hi-jacking</strong>
<cve>CVE-2007-5333</cve></p>
<p>The previous fix for
@@ -251,7 +251,7 @@
<p>Affects: 4.1.0-4.1.36</p>
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2007-5461</cve></p>
<p>When Tomcat's WebDAV servlet is configured for use with a context and
@@ -264,7 +264,7 @@
</section>
<section name="Fixed in Apache Tomcat 4.1.36">
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2005-2090</cve></p>
<p>Requests with multiple content-length headers should be rejected as
@@ -280,7 +280,7 @@
<p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.34</p>
- <p><strong>important: Directory traversal</strong>
+ <p><strong>Important: Directory traversal</strong>
<cve>CVE-2007-0450</cve></p>
<p>The fix for this issue was insufficient. A fix was also required in the
@@ -317,7 +317,7 @@
<p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.34</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-1358</cve></p>
<p>Web pages that display the Accept-Language header value sent by the
@@ -334,7 +334,7 @@
<section name="Fixed in Apache Tomcat 4.1.35">
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2008-4308</cve></p>
<p><a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=40771">Bug
@@ -349,7 +349,7 @@
<section name="Fixed in Apache Tomcat 4.1.32">
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2008-3271</cve></p>
<p><a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=25835">
@@ -361,7 +361,7 @@
<p>Affects: 4.1.0-4.1.31</p>
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2007-1858</cve></p>
<p>The default SSL configuration permitted the use of insecure cipher suites
@@ -370,7 +370,7 @@
<p>Affects: 4.1.28-4.1.31</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2006-7196</cve></p>
<p>The calendar application included as part of the JSP examples is
@@ -379,7 +379,7 @@
<p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
- <p><strong>low: Directory listing</strong>
+ <p><strong>Low: Directory listing</strong>
<cve>CVE-2006-3835</cve></p>
<p>This is expected behaviour when directory listings are enabled. The
@@ -391,7 +391,7 @@
<p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2005-4838</cve></p>
<p>Various JSPs included as part of the JSP examples and the Tomcat Manager
@@ -400,7 +400,7 @@
<p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
- <p><strong>important: Denial of service</strong>
+ <p><strong>Important: Denial of service</strong>
<cve>CVE-2005-3510</cve></p>
<p>The root cause is the relatively expensive calls required to generate
@@ -416,7 +416,7 @@
</section>
<section name="Fixed in Apache Tomcat 4.1.29">
- <p><strong>moderate: Cross-site scripting</strong>
+ <p><strong>Moderate: Cross-site scripting</strong>
<cve>CVE-2002-1567</cve></p>
<p>The unmodified requested URL is included in the 404 response header. The
@@ -430,7 +430,7 @@
</section>
<section name="Fixed in Apache Tomcat 4.1.13, 4.0.6">
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2002-1394</cve></p>
<p>A specially crafted URL using the invoker servlet in conjunction with the
@@ -442,7 +442,7 @@
<p>Affects: 4.0.0-4.0.5, 4.1.0-4.1.12</p>
- <p><strong>moderate: Cross-site scripting</strong>
+ <p><strong>Moderate: Cross-site scripting</strong>
<cve>CVE-2002-0682</cve></p>
<p>A specially crafted URL using the invoker servlet and various internal
@@ -453,7 +453,7 @@
</section>
<section name="Fixed in Apache Tomcat 4.1.12, 4.0.5">
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2002-1148</cve></p>
<p>A specially crafted URL using the default servlet can enable an attacker
@@ -463,7 +463,7 @@
</section>
<section name="Fixed in Apache Tomcat 4.1.3">
- <p><strong>important: Denial of service</strong>
+ <p><strong>Important: Denial of service</strong>
<cve>CVE-2002-0935</cve></p>
<p>A malformed HTTP request can cause the request processing thread to
@@ -475,7 +475,7 @@
</section>
<section name="Fixed in Apache Tomcat 4.1.0">
- <p><strong>important: Denial of service</strong>
+ <p><strong>Important: Denial of service</strong>
<cve>CVE-2003-0866</cve></p>
<p>A malformed HTTP request can cause the request processing thread to
@@ -484,7 +484,7 @@
<p>Affects: 4.0.0-4.0.6</p>
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2002-2006</cve></p>
<p>The snoop and trouble shooting servlets installed as part of the examples
@@ -495,7 +495,7 @@
</section>
<section name="Fixed in Apache Tomcat 4.0.2">
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2002-2009</cve>,
<cve>CVE-2001-0917</cve></p>
@@ -508,7 +508,7 @@
</section>
<section name="Fixed in Apache Tomcat 4.0.0">
- <p><strong>moderate: Security manager bypass</strong>
+ <p><strong>Moderate: Security manager bypass</strong>
<cve>CVE-2002-0493</cve></p>
<p>If errors are encountered during the parsing of web.xml and Tomcat is
@@ -519,7 +519,7 @@
</section>
<section name="Unverified">
- <p><strong>low: Installation path disclosure</strong>
+ <p><strong>Low: Installation path disclosure</strong>
<cve>CVE-2005-4703</cve>,
<cve>CVE-2002-2008</cve></p>
@@ -532,7 +532,7 @@
<p>Affects: 4.0.3?</p>
- <p><strong>important: Denial of service</strong>
+ <p><strong>Important: Denial of service</strong>
<cve>CVE-2002-1895</cve></p>
<p>This issue only affects configurations that use IIS in conjunction with
@@ -545,7 +545,7 @@
</section>
<section name="Not a vulnerability in Tomcat">
- <p><strong>important: Directory traversal</strong>
+ <p><strong>Important: Directory traversal</strong>
<cve>CVE-2008-2938</cve></p>
<p>Originally reported as a Tomcat vulnerability the root cause of this
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Wed Nov 2 19:48:05 2011
@@ -221,7 +221,7 @@
<section name="Fixed in Apache Tomcat 5.5.32" rtext="released 1 Feb 2011">
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2011-0013</cve></p>
<p>The HTML Manager interface displayed web application provided data, such
@@ -240,7 +240,7 @@
<section name="Fixed in Apache Tomcat 5.5.30" rtext="released 9 Jul 2010">
- <p><strong>low: SecurityManager file permission bypass</strong>
+ <p><strong>Low: SecurityManager file permission bypass</strong>
<cve>CVE-2010-3718</cve></p>
<p>When running under a SecurityManager, access to the file system is
@@ -407,7 +407,7 @@
<p>Affects: 5.5.0-5.5.27</p>
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2009-0580</cve></p>
<p>Due to insufficient error checking in some authentication classes, Tomcat
@@ -425,7 +425,7 @@
<p>Affects: 5.5.0-5.5.27 (Memory Realm), 5.5.0-5.5.5 (DataSource and JDBC
Realms)</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2009-0781</cve></p>
<p>The calendar application in the examples web application contains an
@@ -439,7 +439,7 @@
<p>Affects: 5.5.0-5.5.27</p>
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2009-0783</cve></p>
<p>Bugs <bug>29936</bug> and <bug>45933</bug> allowed a web application
@@ -460,7 +460,7 @@
</section>
<section name="Fixed in Apache Tomcat 5.5.27" rtext="released 8 Sep 2008">
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2008-1232</cve></p>
<p>The message argument of HttpServletResponse.sendError() call is not only
@@ -478,7 +478,7 @@
<p>Affects: 5.5.0-5.5.26</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2008-1947</cve></p>
<p>The Host Manager web application did not escape user provided data before
@@ -494,7 +494,7 @@
<p>Affects: 5.5.9-5.5.26</p>
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2008-2370</cve></p>
<p>When using a RequestDispatcher the target path was normalised before the
@@ -513,7 +513,7 @@
</section>
<section name="Fixed in Apache Tomcat 5.5.26" rtext="released 5 Feb 2008">
- <p><strong>low: Session hi-jacking</strong>
+ <p><strong>Low: Session hi-jacking</strong>
<cve>CVE-2007-5333</cve></p>
<p>The previous fix for <cve>CVE-2007-3385</cve> was incomplete. It did
@@ -521,7 +521,7 @@
<p>Affects: 5.5.0-5.5.25</p>
- <p><strong>low: Elevated privileges</strong>
+ <p><strong>Low: Elevated privileges</strong>
<cve>CVE-2007-5342</cve></p>
<p>The JULI logging component allows web applications to provide their own
@@ -532,7 +532,7 @@
<p>Affects: 5.5.9-5.5.25</p>
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2007-5461</cve></p>
<p>When Tomcat's WebDAV servlet is configured for use with a context and
@@ -542,7 +542,7 @@
<p>Affects: 5.5.0-5.5.25</p>
- <p><strong>important: Data integrity</strong>
+ <p><strong>Important: Data integrity</strong>
<cve>CVE-2007-6286</cve></p>
<p>When using the native (APR based) connector, connecting to the SSL port
@@ -554,7 +554,7 @@
<section name="Fixed in Apache Tomcat 5.5.25, 5.0.SVN"
rtext="released 8 Sep 2007">
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-2449</cve></p>
<p>JSPs within the examples web application did not escape user provided
@@ -567,7 +567,7 @@
<p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-2450</cve></p>
<p>The Manager and Host Manager web applications did not escape user
@@ -578,7 +578,7 @@
<p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
- <p><strong>low: Session hi-jacking</strong>
+ <p><strong>Low: Session hi-jacking</strong>
<cve>CVE-2007-3382</cve></p>
<p>Tomcat incorrectly treated a single quote character (') in a cookie
@@ -587,7 +587,7 @@
<p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
- <p><strong>low: Session hi-jacking</strong>
+ <p><strong>Low: Session hi-jacking</strong>
<cve>CVE-2007-3385</cve></p>
<p>Tomcat incorrectly handled the character sequence \" in a cookie value.
@@ -596,7 +596,7 @@
<p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-3386</cve></p>
<p>The Host Manager Servlet did not filter user supplied data before
@@ -607,7 +607,7 @@
</section>
<section name="Fixed in Apache Tomcat 5.5.24, 5.0.SVN" rtext="Not released">
- <p><strong>moderate: Cross-site scripting</strong>
+ <p><strong>Moderate: Cross-site scripting</strong>
<cve>CVE-2007-1355</cve></p>
<p>The JSP and Servlet included in the sample application within the Tomcat
@@ -621,7 +621,7 @@
<section name="Fixed in Apache Tomcat 5.5.23, 5.0.SVN"
rtext="released 9 Mar 2007">
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2005-2090</cve></p>
<p>Requests with multiple content-length headers should be rejected as
@@ -639,7 +639,7 @@
</section>
<section name="Fixed in Apache Tomcat 5.5.22, 5.0.SVN" rtext="not released">
- <p><strong>important: Directory traversal</strong>
+ <p><strong>Important: Directory traversal</strong>
<cve>CVE-2007-0450</cve></p>
<p>The fix for this issue was insufficient. A fix was also required in the
@@ -675,7 +675,7 @@
</section>
<section name="Fixed in Apache Tomcat 5.5.21, 5.0.SVN" rtext="not released">
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-1358</cve></p>
<p>Web pages that display the Accept-Language header value sent by the
@@ -691,7 +691,7 @@
</section>
<section name="Fixed in Apache Tomcat 5.5.21" rtext="not released">
- <p><strong>moderate: Session hi-jacking</strong>
+ <p><strong>Moderate: Session hi-jacking</strong>
<cve>CVE-2008-0128</cve></p>
<p>When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is
@@ -701,7 +701,7 @@
<p>Affects: 5.0.0-5.0.SVN, 5.5.0-5.5.20</p>
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2008-4308</cve></p>
<p><a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=40771">Bug
@@ -715,7 +715,7 @@
</section>
<section name="Fixed in Apache Tomcat 5.5.18, 5.0.SVN" rtext="not released">
- <p><strong>moderate: Cross-site scripting</strong>
+ <p><strong>Moderate: Cross-site scripting</strong>
<cve>CVE-2006-7195</cve></p>
<p>The implicit-objects.jsp in the examples webapp displayed a number of
@@ -727,7 +727,7 @@
<section name="Fixed in Apache Tomcat 5.5.17, 5.0.SVN"
rtext="released 27 Apr 2006">
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2007-1858</cve></p>
<p>The default SSL configuration permitted the use of insecure cipher suites
@@ -739,7 +739,7 @@
<section name="Fixed in Apache Tomcat 5.5.16, 5.0.SVN"
rtext="released 15 Mar 2006">
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2006-7196</cve></p>
<p>The calendar application included as part of the JSP examples is
@@ -751,7 +751,7 @@
<section name="Fixed in Apache Tomcat 5.5.13, 5.0.SVN">
- <p><strong>low: Directory listing</strong>
+ <p><strong>Low: Directory listing</strong>
<cve>CVE-2006-3835</cve></p>
<p>This is expected behaviour when directory listings are enabled. The
@@ -763,7 +763,7 @@
<p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.12</p>
- <p><strong>important: Denial of service</strong>
+ <p><strong>Important: Denial of service</strong>
<cve>CVE-2005-3510</cve></p>
<p>The root cause is the relatively expensive calls required to generate
@@ -779,7 +779,7 @@
</section>
<section name="Fixed in Apache Tomcat 5.5.7, 5.0.SVN">
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2005-4838</cve></p>
<p>Various JSPs included as part of the JSP examples and the Tomcat Manager
@@ -790,7 +790,7 @@
</section>
<section name="Fixed in Apache Tomcat 5.5.1">
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2008-3271</cve></p>
<p><a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=25835">
@@ -824,7 +824,7 @@
<p>Affects: 5.5.0-5.5.32</p>
- <p><strong>moderate: TLS SSL Man In The Middle</strong>
+ <p><strong>Moderate: TLS SSL Man In The Middle</strong>
<cve>CVE-2009-3555</cve></p>
<p>A vulnerability exists in the TLS protocol that allows an attacker to
@@ -874,7 +874,7 @@
</li>
</ul>
- <p><strong>important: Directory traversal</strong>
+ <p><strong>Important: Directory traversal</strong>
<cve>CVE-2008-2938</cve></p>
<p>Originally reported as a Tomcat vulnerability the root cause of this
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Wed Nov 2 19:48:05 2011
@@ -234,7 +234,7 @@
<section name="Fixed in Apache Tomcat 6.0.30" rtext="released 13 Jan 2011">
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2011-0013</cve></p>
<p>The HTML Manager interface displayed web application provided data, such
@@ -249,7 +249,7 @@
<p>Affects: 6.0.0-6.0.29</p>
- <p><strong>moderate: Cross-site scripting</strong>
+ <p><strong>Moderate: Cross-site scripting</strong>
<cve>CVE-2010-4172</cve></p>
<p>The Manager application used the user provided parameters sort and
@@ -263,7 +263,7 @@
<p>Affects: 6.0.12-6.0.29</p>
- <p><strong>low: SecurityManager file permission bypass</strong>
+ <p><strong>Low: SecurityManager file permission bypass</strong>
<cve>CVE-2010-3718</cve></p>
<p>When running under a SecurityManager, access to the file system is
@@ -450,7 +450,7 @@
<p>Affects: 6.0.0-6.0.18</p>
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2009-0580</cve></p>
<p>Due to insufficient error checking in some authentication classes, Tomcat
@@ -465,7 +465,7 @@
<p>Affects: 6.0.0-6.0.18</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2009-0781</cve></p>
<p>The calendar application in the examples web application contains an
@@ -479,7 +479,7 @@
<p>Affects: 6.0.0-6.0.18</p>
- <p><strong>low: Information disclosure</strong>
+ <p><strong>Low: Information disclosure</strong>
<cve>CVE-2009-0783</cve></p>
<p>Bugs <bug>29936</bug> and <bug>45933</bug> allowed a web application
@@ -505,7 +505,7 @@
must download 6.0.18 to obtain a version that includes fixes for these
issues, 6.0.17 is not included in the list of affected versions.</i></p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2008-1232</cve></p>
<p>The message argument of HttpServletResponse.sendError() call is not only
@@ -522,7 +522,7 @@
made public on 1 Aug 2008.</p>
<p>Affects: 6.0.0-6.0.16</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2008-1947</cve></p>
<p>The Host Manager web application did not escape user provided data before
@@ -538,7 +538,7 @@
<p>Affects: 6.0.0-6.0.16</p>
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2008-2370</cve></p>
<p>When using a RequestDispatcher the target path was normalised before the
@@ -558,7 +558,7 @@
<section name="Fixed in Apache Tomcat 6.0.16" rtext="released 8 Feb 2008">
- <p><strong>low: Session hi-jacking</strong>
+ <p><strong>Low: Session hi-jacking</strong>
<cve>CVE-2007-5333</cve></p>
<p>The previous fix for <cve>CVE-2007-3385</cve> was incomplete. It did
@@ -566,7 +566,7 @@
<p>Affects: 6.0.0-6.0.14</p>
- <p><strong>low: Elevated privileges</strong>
+ <p><strong>Low: Elevated privileges</strong>
<cve>CVE-2007-5342</cve></p>
<p>The JULI logging component allows web applications to provide their own
@@ -577,7 +577,7 @@
<p>Affects: 6.0.0-6.0.15</p>
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2007-5461</cve></p>
<p>When Tomcat's WebDAV servlet is configured for use with a context and
@@ -587,7 +587,7 @@
<p>Affects: 6.0.0-6.0.14</p>
- <p><strong>important: Data integrity</strong>
+ <p><strong>Important: Data integrity</strong>
<cve>CVE-2007-6286</cve></p>
<p>When using the native (APR based) connector, connecting to the SSL port
@@ -596,7 +596,7 @@
<p>Affects: 6.0.0-6.0.15</p>
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2008-0002</cve></p>
<p>If an exception occurs during the processing of parameters (eg if the
@@ -609,7 +609,7 @@
</section>
<section name="Fixed in Apache Tomcat 6.0.14" rtext="released 13 Aug 2007">
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-2449</cve></p>
<p>JSPs within the examples web application did not escape user provided
@@ -622,7 +622,7 @@
<p>Affects: 6.0.0-6.0.13</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-2450</cve></p>
<p>The Manager and Host Manager web applications did not escape user
@@ -633,7 +633,7 @@
<p>Affects: 6.0.0-6.0.13</p>
- <p><strong>low: Session hi-jacking</strong>
+ <p><strong>Low: Session hi-jacking</strong>
<cve>CVE-2007-3382</cve></p>
<p>Tomcat incorrectly treated a single quote character (') in a cookie
@@ -642,7 +642,7 @@
<p>Affects: 6.0.0-6.0.13</p>
- <p><strong>low: Session hi-jacking</strong>
+ <p><strong>Low: Session hi-jacking</strong>
<cve>CVE-2007-3385</cve></p>
<p>Tomcat incorrectly handled the character sequence \" in a cookie value.
@@ -651,7 +651,7 @@
<p>Affects: 6.0.0-6.0.13</p>
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-3386</cve></p>
<p>The Host Manager Servlet did not filter user supplied data before
@@ -662,7 +662,7 @@
</section>
<section name="Fixed in Apache Tomcat 6.0.11" rtext="not released">
- <p><strong>moderate: Cross-site scripting</strong>
+ <p><strong>Moderate: Cross-site scripting</strong>
<cve>CVE-2007-1355</cve></p>
<p>The JSP and Servlet included in the sample application within the Tomcat
@@ -672,7 +672,7 @@
<p>Affects: 6.0.0-6.0.10</p>
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2005-2090</cve></p>
<p>Requests with multiple content-length headers should be rejected as
@@ -690,7 +690,7 @@
</section>
<section name="Fixed in Apache Tomcat 6.0.10" rtext="released 28 Feb 2007">
- <p><strong>important: Directory traversal</strong>
+ <p><strong>Important: Directory traversal</strong>
<cve>CVE-2007-0450</cve></p>
<p>Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used
@@ -722,7 +722,7 @@
</section>
<section name="Fixed in Apache Tomcat 6.0.9" rtext="released 8 Feb 2007">
- <p><strong>moderate: Session hi-jacking</strong>
+ <p><strong>Moderate: Session hi-jacking</strong>
<cve>CVE-2008-0128</cve></p>
<p>When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is
@@ -734,7 +734,7 @@
</section>
<section name="Fixed in Apache Tomcat 6.0.6" rtext="released 18 Dec 2006">
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2007-1358</cve></p>
<p>Web pages that display the Accept-Language header value sent by the
@@ -770,7 +770,7 @@
<p>Affects: 6.0.0-6.0.31</p>
- <p><strong>moderate: TLS SSL Man In The Middle</strong>
+ <p><strong>Moderate: TLS SSL Man In The Middle</strong>
<cve>CVE-2009-3555</cve></p>
<p>A vulnerability exists in the TLS protocol that allows an attacker to
@@ -821,7 +821,7 @@
</li>
</ul>
- <p><strong>important: Directory traversal</strong>
+ <p><strong>Important: Directory traversal</strong>
<cve>CVE-2008-2938</cve></p>
<p>Originally reported as a Tomcat vulnerability the root cause of this
Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Wed Nov 2 19:48:05 2011
@@ -344,7 +344,7 @@
<section name="Fixed in Apache Tomcat 7.0.6" rtext="released 14 Jan 2011">
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2011-0013</cve></p>
<p>The HTML Manager interface displayed web application provided data, such
@@ -363,7 +363,7 @@
<section name="Fixed in Apache Tomcat 7.0.5" rtext="released 1 Dec 2010">
- <p><strong>low: Cross-site scripting</strong>
+ <p><strong>Low: Cross-site scripting</strong>
<cve>CVE-2010-4172</cve></p>
<p>The Manager application used the user provided parameters sort and
@@ -382,7 +382,7 @@
<section name="Fixed in Apache Tomcat 7.0.4" rtext="released 21 Oct 2010">
- <p><strong>low: SecurityManager file permission bypass</strong>
+ <p><strong>Low: SecurityManager file permission bypass</strong>
<cve>CVE-2010-3718</cve></p>
<p>When running under a SecurityManager, access to the file system is
@@ -456,7 +456,7 @@
<p>Affects: 7.0.0-7.0.6</p>
- <p><strong>moderate: TLS SSL Man In The Middle</strong>
+ <p><strong>Moderate: TLS SSL Man In The Middle</strong>
<cve>CVE-2009-3555</cve></p>
<p>A vulnerability exists in the TLS protocol that allows an attacker to
Modified: tomcat/site/trunk/xdocs/security-jk.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-jk.xml?rev=1196781&r1=1196780&r2=1196781&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-jk.xml (original)
+++ tomcat/site/trunk/xdocs/security-jk.xml Wed Nov 2 19:48:05 2011
@@ -29,7 +29,7 @@
</section>
<section name="Fixed in Apache Tomcat JK Connector 1.2.27">
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2008-5519</cve></p>
<p>Situations where faulty clients set Content-Length without providing
@@ -46,7 +46,7 @@
</section>
<section name="Fixed in Apache Tomcat JK Connector 1.2.23">
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2007-1860</cve></p>
<p>The issue is related to
@@ -83,7 +83,7 @@
</section>
<section name="Fixed in Apache Tomcat JK Connector 1.2.21">
- <p><strong>critical: Arbitrary code execution and denial of service</strong>
+ <p><strong>Critical: Arbitrary code execution and denial of service</strong>
<cve>CVE-2007-0774</cve></p>
<p>An unsafe memory copy in the URI handler for the native JK connector
@@ -96,7 +96,7 @@
</section>
<section name="Fixed in Apache Tomcat JK Connector 1.2.16">
- <p><strong>important: Information disclosure</strong>
+ <p><strong>Important: Information disclosure</strong>
<cve>CVE-2006-7197</cve></p>
<p>The Tomcat AJP connector contained a bug that sometimes set a too long
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org