You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/02/17 15:04:31 UTC
svn commit: r508762 - in /tomcat/site/trunk: docs/security-4.html
docs/security-5.html xdocs/security-4.xml xdocs/security-5.xml
Author: markt
Date: Sat Feb 17 06:04:30 2007
New Revision: 508762
URL: http://svn.apache.org/viewvc?view=rev&rev=508762
Log:
Add CVE-2005-3510
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=508762&r1=508761&r2=508762
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Sat Feb 17 06:04:30 2007
@@ -232,6 +232,23 @@
issues, directory listings were changed to be disabled by default.</p>
<p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
+
+ <p>
+<strong>important: Denial of service</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510">
+ CVE-2005-3510</a>
+</p>
+
+ <p>The root cause is the relatively expensive calls required to generate
+ the content for the directory listings. If directory listings are
+ enabled, the number of files in each directory should be kepp to a
+ minimum. In response to this issue, directory listings were changed to
+ be disabled by default. Additionally, a
+ <a href="http://marc.theaimsgroup.com/?l=tomcat-dev&m=113356822719767&w=2">
+ patch</a> has been proposed that would improve performance, particularly
+ for large directories, by caching directory listings.</p>
+
+ <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
</blockquote>
</p>
</td>
Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=508762&r1=508761&r2=508762
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Sat Feb 17 06:04:30 2007
@@ -232,6 +232,23 @@
issues, directory listings were changed to be disabled by default.</p>
<p>Affects: 5.0.0-5.5.30, 5.5.0-5.5.12</p>
+
+ <p>
+<strong>important: Denial of service</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510">
+ CVE-2005-3510</a>
+</p>
+
+ <p>The root cause is the relatively expensive calls required to generate
+ the content for the directory listings. If directory listings are
+ enabled, the number of files in each directory should be kepp to a
+ minimum. In response to this issue, directory listings were changed to
+ be disabled by default. Additionally, a
+ <a href="http://marc.theaimsgroup.com/?l=tomcat-dev&m=113356822719767&w=2">
+ patch</a> has been proposed that would improve performance, particularly
+ for large directories, by caching directory listings.</p>
+
+ <p>Affects: 5.0.0-5.5.30, 5.5.0-5.5.12</p>
</blockquote>
</p>
</td>
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=508762&r1=508761&r2=508762
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Sat Feb 17 06:04:30 2007
@@ -37,6 +37,21 @@
issues, directory listings were changed to be disabled by default.</p>
<p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
+
+ <p><strong>important: Denial of service</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510">
+ CVE-2005-3510</a></p>
+
+ <p>The root cause is the relatively expensive calls required to generate
+ the content for the directory listings. If directory listings are
+ enabled, the number of files in each directory should be kepp to a
+ minimum. In response to this issue, directory listings were changed to
+ be disabled by default. Additionally, a
+ <a href="http://marc.theaimsgroup.com/?l=tomcat-dev&m=113356822719767&w=2">
+ patch</a> has been proposed that would improve performance, particularly
+ for large directories, by caching directory listings.</p>
+
+ <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
</section>
<section name="Unverified">
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?view=diff&rev=508762&r1=508761&r2=508762
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Sat Feb 17 06:04:30 2007
@@ -37,7 +37,23 @@
issues, directory listings were changed to be disabled by default.</p>
<p>Affects: 5.0.0-5.5.30, 5.5.0-5.5.12</p>
+
+ <p><strong>important: Denial of service</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510">
+ CVE-2005-3510</a></p>
+
+ <p>The root cause is the relatively expensive calls required to generate
+ the content for the directory listings. If directory listings are
+ enabled, the number of files in each directory should be kepp to a
+ minimum. In response to this issue, directory listings were changed to
+ be disabled by default. Additionally, a
+ <a href="http://marc.theaimsgroup.com/?l=tomcat-dev&m=113356822719767&w=2">
+ patch</a> has been proposed that would improve performance, particularly
+ for large directories, by caching directory listings.</p>
+
+ <p>Affects: 5.0.0-5.5.30, 5.5.0-5.5.12</p>
</section>
+
</body>
</document>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org