Author: markt Date: Thu Aug 10 22:01:13 2017 New Revision: 1804734 URL: http://svn.apache.org/viewvc?rev=1804734&view=rev Log: Add info for: - CVE-2017-7674 - CVE-2017-7675
Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html tomcat/site/trunk/xdocs/security-7.xml tomcat/site/trunk/xdocs/security-8.xml tomcat/site/trunk/xdocs/security-9.xml Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1804734&r1=1804733&r2=1804734&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Thu Aug 10 22:01:13 2017 @@ -210,6 +210,9 @@ <a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a> </li> <li> +<a href="#Fixed_in_Apache_Tomcat_7.0.79">Fixed in Apache Tomcat 7.0.79</a> +</li> +<li> <a href="#Fixed_in_Apache_Tomcat_7.0.78">Fixed in Apache Tomcat 7.0.78</a> </li> <li> @@ -366,6 +369,34 @@ </div> +<h3 id="Fixed_in_Apache_Tomcat_7.0.79"> +<span style="float: right;">1 July 2017</span> Fixed in Apache Tomcat 7.0.79</h3> +<div class="text"> + + +<p> +<strong>Moderate: Cache Poisoning</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7674" rel="nofollow">CVE-2017-7674</a> +</p> + + +<p>The CORS Filter did not an HTTP Vary header indicating that the response + varies depending on Origin. This permitted client and server side cache + poisoning in some circumstances.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1795816">1795816</a>.</p> + + +<p>The issue was reported as bug <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61101">61101</a> on 16 May 2017. The full + implications of this issue were identified by the Tomcat Security Team + the same day. This issue was made public on 10 August 2017.</p> + + +<p>Affects: 7.0.41 to 7.0.78</p> + + +</div> <h3 id="Fixed_in_Apache_Tomcat_7.0.78"> <span style="float: right;">16 May 2017</span> Fixed in Apache Tomcat 7.0.78</h3> <div class="text"> Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1804734&r1=1804733&r2=1804734&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-8.html (original) +++ tomcat/site/trunk/docs/security-8.html Thu Aug 10 22:01:13 2017 @@ -210,6 +210,12 @@ <a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x vulnerabilities</a> </li> <li> +<a href="#Fixed_in_Apache_Tomcat_8.0.45">Fixed in Apache Tomcat 8.0.45</a> +</li> +<li> +<a href="#Fixed_in_Apache_Tomcat_8.5.16">Fixed in Apache Tomcat 8.5.16</a> +</li> +<li> <a href="#Fixed_in_Apache_Tomcat_8.0.44">Fixed in Apache Tomcat 8.0.44</a> </li> <li> @@ -330,6 +336,85 @@ </div> +<h3 id="Fixed_in_Apache_Tomcat_8.0.45"> +<span style="float: right;">1 July 2017</span> Fixed in Apache Tomcat 8.0.45</h3> +<div class="text"> + + +<p> +<strong>Moderate: Cache Poisoning</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7674" rel="nofollow">CVE-2017-7674</a> +</p> + + +<p>The CORS Filter did not an HTTP Vary header indicating that the response + varies depending on Origin. This permitted client and server side cache + poisoning in some circumstances.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1795815">1795815</a>.</p> + + +<p>The issue was reported as bug <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61101">61101</a> on 16 May 2017. The full + implications of this issue were identified by the Tomcat Security Team + the same day. This issue was made public on 10 August 2017.</p> + + +<p>Affects: 8.0.0.RC1 to 8.0.44</p> + + +</div> +<h3 id="Fixed_in_Apache_Tomcat_8.5.16"> +<span style="float: right;">26 June 2017</span> Fixed in Apache Tomcat 8.5.16</h3> +<div class="text"> + + +<p> +<strong>Important: Security Constraint Bypass</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7675" rel="nofollow">CVE-2017-7675</a> +</p> + + +<p>The HTTP/2 implementation bypassed a number of security checks that + prevented directory traversal attacks. It was therefore possible to + bypass security constraints using an specially crafted URL.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1796091">1796091</a>.</p> + + +<p>The issue was originally reported as a failure to process URL path + parameters in bug <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61120">61120</a> on 24 May 2017. The full implications + of this issue were identified by the Tomcat Security Team the same day. + This issue was made public on 10 August 2017.</p> + + +<p>Affects: 8.5.0 to 8.5.15</p> + + +<p> +<strong>Moderate: Cache Poisoning</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7674" rel="nofollow">CVE-2017-7674</a> +</p> + + +<p>The CORS Filter did not an HTTP Vary header indicating that the response + varies depending on Origin. This permitted client and server side cache + poisoning in some circumstances.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1795814">1795814</a>.</p> + + +<p>The issue was reported as bug <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61101">61101</a> on 16 May 2017. The full + implications of this issue were identified by the Tomcat Security Team + the same day. This issue was made public on 10 August 2017.</p> + + +<p>Affects: 8.5.0 to 8.5.15</p> + + +</div> <h3 id="Fixed_in_Apache_Tomcat_8.0.44"> <span style="float: right;">16 May 2017</span> Fixed in Apache Tomcat 8.0.44</h3> <div class="text"> Modified: tomcat/site/trunk/docs/security-9.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1804734&r1=1804733&r2=1804734&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-9.html (original) +++ tomcat/site/trunk/docs/security-9.html Thu Aug 10 22:01:13 2017 @@ -210,6 +210,9 @@ <a href="#Apache_Tomcat_9.x_vulnerabilities">Apache Tomcat 9.x vulnerabilities</a> </li> <li> +<a href="#Fixed_in_Apache_Tomcat_9.0.0.M22">Fixed in Apache Tomcat 9.0.0.M22</a> +</li> +<li> <a href="#Fixed_in_Apache_Tomcat_9.0.0.M21">Fixed in Apache Tomcat 9.0.0.M21</a> </li> <li> @@ -285,6 +288,57 @@ </div> +<h3 id="Fixed_in_Apache_Tomcat_9.0.0.M22"> +<span style="float: right;">26 June 2017</span> Fixed in Apache Tomcat 9.0.0.M22</h3> +<div class="text"> + + +<p> +<strong>Important: Security Constraint Bypass</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7675" rel="nofollow">CVE-2017-7675</a> +</p> + + +<p>The HTTP/2 implementation bypassed a number of security checks that + prevented directory traversal attacks. It was therefore possible to + bypass security constraints using an specially crafted URL.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1796090">1796090</a>.</p> + + +<p>The issue was originally reported as a failure to process URL path + parameters in bug <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61120">61120</a> on 24 May 2017. The full implications + of this issue were identified by the Tomcat Security Team the same day. + This issue was made public on 10 August 2017.</p> + + +<p>Affects: 9.0.0.M1 to 9.0.0.M21</p> + + +<p> +<strong>Moderate: Cache Poisoning</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7674" rel="nofollow">CVE-2017-7674</a> +</p> + + +<p>The CORS Filter did not an HTTP Vary header indicating that the response + varies depending on Origin. This permitted client and server side cache + poisoning in some circumstances.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1795813">1795813</a>.</p> + + +<p>The issue was reported as bug <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61101">61101</a> on 16 May 2017. The full + implications of this issue were identified by the Tomcat Security Team + the same day. This issue was made public on 10 August 2017.</p> + + +<p>Affects: 9.0.0.M1 to 9.0.0.M21</p> + + +</div> <h3 id="Fixed_in_Apache_Tomcat_9.0.0.M21"> <span style="float: right;">10 May 2017</span> Fixed in Apache Tomcat 9.0.0.M21</h3> <div class="text"> Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1804734&r1=1804733&r2=1804734&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Thu Aug 10 22:01:13 2017 @@ -50,6 +50,25 @@ </section> + <section name="Fixed in Apache Tomcat 7.0.79" rtext="1 July 2017"> + + <p><strong>Moderate: Cache Poisoning</strong> + <cve>CVE-2017-7674</cve></p> + + <p>The CORS Filter did not an HTTP Vary header indicating that the response + varies depending on Origin. This permitted client and server side cache + poisoning in some circumstances.</p> + + <p>This was fixed in revision <revlink rev="1795816">1795816</revlink>.</p> + + <p>The issue was reported as bug <bug>61101</bug> on 16 May 2017. The full + implications of this issue were identified by the Tomcat Security Team + the same day. This issue was made public on 10 August 2017.</p> + + <p>Affects: 7.0.41 to 7.0.78</p> + + </section> + <section name="Fixed in Apache Tomcat 7.0.78" rtext="16 May 2017"> <p><strong>Important: Security Constraint Bypass</strong> Modified: tomcat/site/trunk/xdocs/security-8.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1804734&r1=1804733&r2=1804734&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-8.xml (original) +++ tomcat/site/trunk/xdocs/security-8.xml Thu Aug 10 22:01:13 2017 @@ -50,6 +50,60 @@ </section> + <section name="Fixed in Apache Tomcat 8.0.45" rtext="1 July 2017"> + + <p><strong>Moderate: Cache Poisoning</strong> + <cve>CVE-2017-7674</cve></p> + + <p>The CORS Filter did not an HTTP Vary header indicating that the response + varies depending on Origin. This permitted client and server side cache + poisoning in some circumstances.</p> + + <p>This was fixed in revision <revlink rev="1795815">1795815</revlink>.</p> + + <p>The issue was reported as bug <bug>61101</bug> on 16 May 2017. The full + implications of this issue were identified by the Tomcat Security Team + the same day. This issue was made public on 10 August 2017.</p> + + <p>Affects: 8.0.0.RC1 to 8.0.44</p> + + </section> + + <section name="Fixed in Apache Tomcat 8.5.16" rtext="26 June 2017"> + + <p><strong>Important: Security Constraint Bypass</strong> + <cve>CVE-2017-7675</cve></p> + + <p>The HTTP/2 implementation bypassed a number of security checks that + prevented directory traversal attacks. It was therefore possible to + bypass security constraints using an specially crafted URL.</p> + + <p>This was fixed in revision <revlink rev="1796091">1796091</revlink>.</p> + + <p>The issue was originally reported as a failure to process URL path + parameters in bug <bug>61120</bug> on 24 May 2017. The full implications + of this issue were identified by the Tomcat Security Team the same day. + This issue was made public on 10 August 2017.</p> + + <p>Affects: 8.5.0 to 8.5.15</p> + + <p><strong>Moderate: Cache Poisoning</strong> + <cve>CVE-2017-7674</cve></p> + + <p>The CORS Filter did not an HTTP Vary header indicating that the response + varies depending on Origin. This permitted client and server side cache + poisoning in some circumstances.</p> + + <p>This was fixed in revision <revlink rev="1795814">1795814</revlink>.</p> + + <p>The issue was reported as bug <bug>61101</bug> on 16 May 2017. The full + implications of this issue were identified by the Tomcat Security Team + the same day. This issue was made public on 10 August 2017.</p> + + <p>Affects: 8.5.0 to 8.5.15</p> + + </section> + <section name="Fixed in Apache Tomcat 8.0.44" rtext="16 May 2017"> <p><strong>Important: Security Constraint Bypass</strong> Modified: tomcat/site/trunk/xdocs/security-9.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1804734&r1=1804733&r2=1804734&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-9.xml (original) +++ tomcat/site/trunk/xdocs/security-9.xml Thu Aug 10 22:01:13 2017 @@ -50,6 +50,41 @@ </section> + <section name="Fixed in Apache Tomcat 9.0.0.M22" rtext="26 June 2017"> + + <p><strong>Important: Security Constraint Bypass</strong> + <cve>CVE-2017-7675</cve></p> + + <p>The HTTP/2 implementation bypassed a number of security checks that + prevented directory traversal attacks. It was therefore possible to + bypass security constraints using an specially crafted URL.</p> + + <p>This was fixed in revision <revlink rev="1796090">1796090</revlink>.</p> + + <p>The issue was originally reported as a failure to process URL path + parameters in bug <bug>61120</bug> on 24 May 2017. The full implications + of this issue were identified by the Tomcat Security Team the same day. + This issue was made public on 10 August 2017.</p> + + <p>Affects: 9.0.0.M1 to 9.0.0.M21</p> + + <p><strong>Moderate: Cache Poisoning</strong> + <cve>CVE-2017-7674</cve></p> + + <p>The CORS Filter did not an HTTP Vary header indicating that the response + varies depending on Origin. This permitted client and server side cache + poisoning in some circumstances.</p> + + <p>This was fixed in revision <revlink rev="1795813">1795813</revlink>.</p> + + <p>The issue was reported as bug <bug>61101</bug> on 16 May 2017. The full + implications of this issue were identified by the Tomcat Security Team + the same day. This issue was made public on 10 August 2017.</p> + + <p>Affects: 9.0.0.M1 to 9.0.0.M21</p> + + </section> + <section name="Fixed in Apache Tomcat 9.0.0.M21" rtext="10 May 2017"> <p><strong>Important: Security Constraint Bypass</strong> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org