Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/03/31 03:47:51 UTC

svn commit: r524349 - in /tomcat/site/trunk: docs/security-4.html xdocs/security-4.xml

Author: markt
Date: Fri Mar 30 18:47:50 2007
New Revision: 524349

URL: http://svn.apache.org/viewvc?view=rev&rev=524349
Log:
cve-2001-0917

Modified:
    tomcat/site/trunk/docs/security-4.html
    tomcat/site/trunk/xdocs/security-4.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=524349&r1=524348&r2=524349
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Mar 30 18:47:50 2007
@@ -561,12 +561,15 @@
     <p>
 <strong>low: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2009">
-       CVE-2002-2009</a>
+       CVE-2002-2009</a>,
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0917">
+       CVE-2001-0917</a>
 </p>
 
     <p>Requests for JSP files where the file name is preceded by '+/', '&gt;/',
-       '&lt;/' or %20/ would result in in an error page that included the full
-       file system path to the JSP file.</p> 
+       '&lt;/' or '%20/' or a request for a JSP with a long file name would
+       result in in an error page that included the full file system path to
+       the JSP file.</p>
 
     <p>Affects: 4.0.0-4.0.1</p>
   </blockquote>
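
Review bot: The rewritten sentence carries the doubled word over from the removed text: the added line reads "result in in an error page" and should be "result in an error page". Since the entry now also lists CVE-2001-0917 while the unchanged "Affects: 4.0.0-4.0.1" line stays as it was, please confirm that the long file name case has the same affected range as the CVE-2002-2009 prefixes, or give it a separate Affects line.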

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=524349&r1=524348&r2=524349
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Fri Mar 30 18:47:50 2007
@@ -194,11 +194,14 @@
   <section name="Fixed in Apache Tomcat 4.0.2">
     <p><strong>low: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2009">
-       CVE-2002-2009</a></p>
+       CVE-2002-2009</a>,
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0917">
+       CVE-2001-0917</a></p>
 
     <p>Requests for JSP files where the file name is preceded by '+/', '&gt;/',
-       '&lt;/' or %20/ would result in in an error page that included the full
-       file system path to the JSP file.</p> 
+       '&lt;/' or '%20/' or a request for a JSP with a long file name would
+       result in in an error page that included the full file system path to
+       the JSP file.</p>
 
     <p>Affects: 4.0.0-4.0.1</p>
   </section>
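
Review bot: The added sentence chains two alternatives with "or" ("'&lt;/' or '%20/' or a request for a JSP with a long file name"), so the prefix trigger and the long file name trigger read as one list and the reader cannot tell which of the two linked CVEs covers which. Consider splitting it into two sentences, one per trigger, each naming its CVE. The "result in in" duplication in the added lines should also be fixed in this file, so that docs/security-4.html does not keep the typo.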


