Posted to dev@tomcat.apache.org by jf...@apache.org on 2007/03/03 01:38:30 UTC
svn commit: r514031 -
/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
Author: jfclere
Date: Fri Mar 2 16:38:29 2007
New Revision: 514031
URL: http://svn.apache.org/viewvc?view=rev&rev=514031
Log:
Arrange the explanation.
Modified:
tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=514031&r1=514030&r2=514031
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Fri Mar 2 16:38:29 2007
@@ -22,18 +22,15 @@
new documentation project for JK was started.
</p>
</section>
-<section name="Changes between 1.2.21 and 1.2.22">
- <br />
-</section>
<section name="Changes between 1.2.20 and 1.2.21">
<br />
<subsection name="Native">
<changelog>
<fix>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774"><b>CVE-2007-0774</b></a>
- : Fix a buffer overflow in map_uri_to_worker().
- URL longer that 4095 were crashing mod_jk.
- This could have allow different kind of attacks. Reported by ZDI.
+ : A denial of service and critical remote code execution vulnerability.
+ Caused by buffer overflow in map_uri_to_worker() when URL were longer that 4095 bytes.
+ Reported by ZDI (www.zerodayintiative.com).
Please note this issue only affected versions 1.2.19 and 1.2.20 of the
Apache Tomcat JK Web Server Connector and not previous versions.
Tomcat 5.5.20 and Tomcat 4.1.34
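Review bot: In the added CVE-2007-0774 text, the ZDI host name is misspelled as "www.zerodayintiative.com" (it should read www.zerodayinitiative.com). The line "Caused by buffer overflow in map_uri_to_worker() when URL were longer that 4095 bytes." also carries over the "that"/"than" typo from the removed text; suggest "when URLs were longer than 4095 bytes". Separately, the hunk drops the empty "Changes between 1.2.21 and 1.2.22" section, which the log message ("Arrange the explanation") does not mention. If that removal is intentional, it should be stated in the log, since it is unrelated to rewording the fix entry.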