Posted to dev@tomcat.apache.org by kk...@apache.org on 2010/03/04 16:26:33 UTC

svn commit: r919020 - in /tomcat/site/trunk: docs/security-5.html xdocs/security-5.xml

Author: kkolinko
Date: Thu Mar  4 15:26:32 2010
New Revision: 919020

URL: http://svn.apache.org/viewvc?rev=919020&view=rev
Log:
update the security page,
because the fix for CVE-2009-3548 was applied to 5.5

Modified:
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/xdocs/security-5.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=919020&r1=919019&r2=919020&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Thu Mar  4 15:26:32 2010
@@ -3,18 +3,18 @@
 <html>
 <head>
 <title>Apache Tomcat - Apache Tomcat 5.x vulnerabilities</title>
-<meta name="author" content="Apache Tomcat Project"/>
-<link type="text/css" href="stylesheets/tomcat.css" rel="stylesheet"/>
-<link type="text/css" href="stylesheets/tomcat-printer.css" rel="stylesheet" media="print"/>
+<meta content="Apache Tomcat Project" name="author" />
+<link rel="stylesheet" href="stylesheets/tomcat.css" type="text/css" />
+<link media="print" rel="stylesheet" href="stylesheets/tomcat-printer.css" type="text/css" />
 </head>
-<body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76">
-<table border="0" width="100%" cellspacing="0">
+<body vlink="#525D76" alink="#525D76" link="#525D76" text="#000000" bgcolor="#ffffff">
+<table cellspacing="0" width="100%" border="0">
 <!--PAGE HEADER-->
 <tr>
 <td>
 <!--PROJECT LOGO-->
 <a href="http://tomcat.apache.org/">
-<img src="./images/tomcat10.jpg" align="left" alt="Tomcat Logo" border="0"/>
+<img border="0" alt="Tomcat Logo" align="left" src="./images/tomcat10.jpg" />
 </a>
 </td>
 <td>
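Review bot: Every changed line in this hunk, from the `<meta>` and `<link>` tags through `<body>`, `<table>` and the logo `<img>`, differs only in attribute order and a space before `/>`, and the same churn repeats through the rest of docs/security-5.html. That buries the one real content change to this security page. Consider regenerating the HTML with the same serializer that produced the previous revision, or committing the reserialization separately, so that the CVE-2009-3548 move can be reviewed on its own.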
@@ -25,28 +25,28 @@
 <td>
 <!--APACHE LOGO-->
 <a href="http://www.apache.org/">
-<img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache Logo" border="0"/>
+<img border="0" alt="Apache Logo" align="right" src="http://www.apache.org/images/asf-logo.gif" />
 </a>
 </td>
 </tr>
 </table>
 <div class="searchbox noPrint">
-<form action="http://www.google.com/search" method="get">
-<input value="tomcat.apache.org" name="sitesearch" type="hidden"/>
-<input value="Search the Site" size="25" name="q" id="query" type="text"/>
-<input name="Search" value="Search Site" type="submit"/>
+<form method="get" action="http://www.google.com/search">
+<input type="hidden" name="sitesearch" value="tomcat.apache.org" />
+<input type="text" id="query" name="q" size="25" value="Search the Site" />
+<input type="submit" value="Search Site" name="Search" />
 </form>
 </div>
-<table border="0" width="100%" cellspacing="4">
+<table cellspacing="4" width="100%" border="0">
 <!--HEADER SEPARATOR-->
 <tr>
 <td colspan="2">
-<hr noshade="" size="1"/>
+<hr size="1" noshade="" />
 </td>
 </tr>
 <tr>
 <!--LEFT SIDE NAVIGATION-->
-<td width="20%" valign="top" nowrap="true" class="noPrint">
+<td class="noPrint" nowrap="true" valign="top" width="20%">
 <p>
 <strong>Apache Tomcat</strong>
 </p>
@@ -172,11 +172,11 @@
 </ul>
 </td>
 <!--RIGHT SIDE MAIN BODY-->
-<td width="80%" valign="top" align="left" id="mainBody">
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<td id="mainBody" align="left" valign="top" width="80%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Apache Tomcat 5.x vulnerabilities">
 <strong>Apache Tomcat 5.x vulnerabilities</strong>
 </a>
@@ -214,58 +214,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Not fixed in Apache Tomcat 5.5.x">
-<strong>Not fixed in Apache Tomcat 5.5.x</strong>
-</a>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<p>
-<blockquote>
-  
-    <p>
-<i>Note: It is expected that this issue will be fixed in 5.5.29 but the
-       patch has not yet received the necessary votes to be applied to the 5.5.x
-       code base.</i>
-</p>
-       
-    <p>
-<strong>Low: Insecure default password</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548">
-       CVE-2009-3548</a>
-</p>
-
-    <p>The Windows installer defaults to a blank password for the administrative
-       user. If this is not changed during the install process, then by default
-       a user is created with the name admin, roles admin and manager and a
-       blank password.</p>
-
-    <p>Affects: 5.5.0-5.5.28</p>
-
-  </blockquote>
-</p>
-</td>
-</tr>
-<tr>
-<td>
-<br/>
-</td>
-</tr>
-</table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
-<tr>
-<td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in subversion for Apache Tomcat 5.5.x">
 <strong>Fixed in subversion for Apache Tomcat 5.5.x</strong>
 </a>
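Review bot: Removing the whole "Not fixed in Apache Tomcat 5.5.x" table also removes the named anchor `<a name="Not fixed in Apache Tomcat 5.5.x">`, so any existing link to that fragment will no longer land on the CVE-2009-3548 entry. That is acceptable for a section that is now empty, but it is worth confirming that nothing on the site links to the fragment directly.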
@@ -281,7 +237,7 @@
 <i>Note: These issues will be fixed in 5.5.29 but that version has not yet
        been released.</i>
 </p>
-       
+
     <p>
 <strong>Low: Arbitrary file deletion and/or alteration on deploy</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693">
@@ -337,21 +293,37 @@
        revision 902650</a>.</p>
        
     <p>Affects: 5.5.0-5.5.28</p>
-    
+
+    <p>
+<strong>Low: Insecure default password</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548">
+       CVE-2009-3548</a>
+</p>
+
+    <p>The Windows installer defaults to a blank password for the administrative
+       user. If this is not changed during the install process, then by default
+       a user is created with the name admin, roles admin and manager and a
+       blank password.</p>
+
+    <p>Affects: 5.5.0-5.5.28</p>
+
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=919006&amp;view=rev">
+       revision 919006</a>.</p>
   </blockquote>
 </p>
 </td>
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.28">
 <strong>Fixed in Apache Tomcat 5.5.28</strong>
 </a>
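Review bot: The added CVE-2009-3548 entry ends with "This was fixed in revision 919006" but gives no guidance for the account it describes, which is created at install time with the name admin, roles admin and manager and a blank password. Consider adding a sentence advising administrators who installed 5.5.0-5.5.28 with the Windows installer to check that this user has a password set, since the section note still says 5.5.29 has not yet been released. Make the change in xdocs/security-5.xml as well so both files stay in sync.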
@@ -466,14 +438,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.27">
 <strong>Fixed in Apache Tomcat 5.5.27</strong>
 </a>
@@ -546,14 +518,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.26">
 <strong>Fixed in Apache Tomcat 5.5.26</strong>
 </a>
@@ -621,14 +593,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.25, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.25, 5.0.SVN</strong>
 </a>
@@ -710,14 +682,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.24, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.24, 5.0.SVN</strong>
 </a>
@@ -747,14 +719,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.23, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.23, 5.0.SVN</strong>
 </a>
@@ -789,14 +761,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.22, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.22, 5.0.SVN</strong>
 </a>
@@ -850,14 +822,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.21, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.21, 5.0.SVN</strong>
 </a>
@@ -890,14 +862,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.21">
 <strong>Fixed in Apache Tomcat 5.5.21</strong>
 </a>
@@ -942,14 +914,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.18, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.18, 5.0.SVN</strong>
 </a>
@@ -977,14 +949,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.17, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.17, 5.0.SVN</strong>
 </a>
@@ -1012,14 +984,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.16, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.16, 5.0.SVN</strong>
 </a>
@@ -1047,14 +1019,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.13, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.13, 5.0.SVN</strong>
 </a>
@@ -1102,14 +1074,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.7, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.7, 5.0.SVN</strong>
 </a>
@@ -1137,14 +1109,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.1">
 <strong>Fixed in Apache Tomcat 5.5.1</strong>
 </a>
@@ -1176,14 +1148,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Not a vulnerability in Tomcat">
 <strong>Not a vulnerability in Tomcat</strong>
 </a>
@@ -1286,7 +1258,7 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
@@ -1295,17 +1267,17 @@
 <!--FOOTER SEPARATOR-->
 <tr>
 <td colspan="2">
-<hr noshade="" size="1"/>
+<hr size="1" noshade="" />
 </td>
 </tr>
 <!--PAGE FOOTER-->
 <tr>
 <td colspan="2">
 <div align="center">
-<font color="#525D76" size="-1">
+<font size="-1" color="#525D76">
 <em>
         Copyright © 1999-2010, The Apache Software Foundation
-        <br/>
+        <br />
         "Apache", the Apache feather, and the Apache Tomcat logo are
         trademarks of the Apache Software Foundation for our open source
         software.

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=919020&r1=919019&r2=919020&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Thu Mar  4 15:26:32 2010
@@ -32,30 +32,21 @@
 
   </section>
 
+<!--
   <section name="Not fixed in Apache Tomcat 5.5.x">
   
     <p><i>Note: It is expected that this issue will be fixed in 5.5.29 but the
        patch has not yet received the necessary votes to be applied to the 5.5.x
        code base.</i></p>
        
-    <p><strong>Low: Insecure default password</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548">
-       CVE-2009-3548</a></p>
-
-    <p>The Windows installer defaults to a blank password for the administrative
-       user. If this is not changed during the install process, then by default
-       a user is created with the name admin, roles admin and manager and a
-       blank password.</p>
-
-    <p>Affects: 5.5.0-5.5.28</p>
-
   </section>
+ -->
 
   <section name="Fixed in subversion for Apache Tomcat 5.5.x">
   
     <p><i>Note: These issues will be fixed in 5.5.29 but that version has not yet
        been released.</i></p>
-       
+
     <p><strong>Low: Arbitrary file deletion and/or alteration on deploy</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693">
        CVE-2009-2693</a></p>
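Review bot: The `<!--` and ` -->` wrapper leaves the "Not fixed in Apache Tomcat 5.5.x" section in the source with its old note ("It is expected that this issue will be fixed in 5.5.29 but the patch has not yet received the necessary votes") and no entry under it. If the block is kept as a template for future unfixed issues, add a short comment saying so and drop the stale note so that it is not re-enabled by mistake; otherwise delete the section outright, as the generated HTML already does.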
@@ -105,7 +96,21 @@
        revision 902650</a>.</p>
        
     <p>Affects: 5.5.0-5.5.28</p>
-    
+
+    <p><strong>Low: Insecure default password</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548">
+       CVE-2009-3548</a></p>
+
+    <p>The Windows installer defaults to a blank password for the administrative
+       user. If this is not changed during the install process, then by default
+       a user is created with the name admin, roles admin and manager and a
+       blank password.</p>
+
+    <p>Affects: 5.5.0-5.5.28</p>
+
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=919006&amp;view=rev">
+       revision 919006</a>.</p>
   </section>
 
   <section name="Fixed in Apache Tomcat 5.5.28">
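Review bot: In the added entry, "Affects: 5.5.0-5.5.28" reads as if every 5.5.x install is affected, while the description two paragraphs above it limits the issue to the Windows installer. Consider qualifying the line, for example "Affects: 5.5.0-5.5.28 (Windows installer only)", so that readers on other platforms can rule themselves out at a glance.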
