Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/03/31 03:47:51 UTC
svn commit: r524349 - in /tomcat/site/trunk: docs/security-4.html
xdocs/security-4.xml
Author: markt
Date: Fri Mar 30 18:47:50 2007
New Revision: 524349
URL: http://svn.apache.org/viewvc?view=rev&rev=524349
Log:
cve-2001-0917
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/xdocs/security-4.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=524349&r1=524348&r2=524349
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Mar 30 18:47:50 2007
@@ -561,12 +561,15 @@
<p>
<strong>low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2009">
- CVE-2002-2009</a>
+ CVE-2002-2009</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0917">
+ CVE-2001-0917</a>
</p>
<p>Requests for JSP files where the file name is preceded by '+/', '>/',
- '</' or %20/ would result in in an error page that included the full
- file system path to the JSP file.</p>
+ '</' or '%20/' or a request for a JSP with a long file name would
+ result in in an error page that included the full file system path to
+ the JSP file.</p>
<p>Affects: 4.0.0-4.0.1</p>
</blockquote>
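Review bot: The rewritten sentence still carries the doubled word in "would result in in an error page" on the second added line of the paragraph; since these lines are being touched anyway, change it to "would result in an error page". The trigger list also now reads "'+/', '>/', '</' or '%20/' or a request for a JSP with a long file name", with two consecutive "or"s; "'+/', '>/', '</' or '%20/', or requests for a JSP with a long file name," would parse more cleanly. The same text is added to xdocs/security-4.xml in this commit, so both files need the same correction.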
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=524349&r1=524348&r2=524349
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Fri Mar 30 18:47:50 2007
@@ -194,11 +194,14 @@
<section name="Fixed in Apache Tomcat 4.0.2">
<p><strong>low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2009">
- CVE-2002-2009</a></p>
+ CVE-2002-2009</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0917">
+ CVE-2001-0917</a></p>
<p>Requests for JSP files where the file name is preceded by '+/', '>/',
- '</' or %20/ would result in in an error page that included the full
- file system path to the JSP file.</p>
+ '</' or '%20/' or a request for a JSP with a long file name would
+ result in in an error page that included the full file system path to
+ the JSP file.</p>
<p>Affects: 4.0.0-4.0.1</p>
</section>
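Review bot: The entry now lists two identifiers, CVE-2002-2009 and CVE-2001-0917, over a single description, and the paragraph does not say which trigger belongs to which id. A reader looking up CVE-2001-0917 cannot tell from this text whether it covers the prefixed requests, the "long file name" request, or both; consider one sentence per CVE, or a parenthetical after each trigger naming its id. "A long file name" is also unquantified, so if the threshold is known it would help to state it. The added line "result in in an error page" repeats the doubled "in" from the removed text and should be fixed here as well.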