Author: msnicklous
Date: Tue Jun 26 13:22:02 2018
New Revision: 1834430
URL: http://svn.apache.org/viewvc?rev=1834430&view=rev
Log:
PLUTO-716 Committing security updates
Modified:
portals/site/pluto/src/site/xdoc/security.xml
Modified: portals/site/pluto/src/site/xdoc/security.xml
URL:
http://svn.apache.org/viewvc/portals/site/pluto/src/site/xdoc/security.xml?rev=1834430&r1=1834429&r2=1834430&view=diff
==============================================================================
--- portals/site/pluto/src/site/xdoc/security.xml (original)
+++ portals/site/pluto/src/site/xdoc/security.xml Tue Jun 26 13:22:02 2018
@@ -31,18 +31,32 @@ limitations under the License.
The following security issues have been identified and addressed:
</p>
- <subsection name="Issue1">
- <p>
- Security issue 1.
- </p>
+ <subsection name="Version 3.0.1">
+ <ul>
+ <li>
+ <p>CVEID: CVE-2018-1306
+ </p><p>DESCRIPTION: The PortletV3AnnotatedDemo Multipart Portlet war
file code could allow a remote attacker to obtain sensitive information, caused
by the failure to restrict path information provided during a file upload. An
attacker could exploit this vulnerability to obtain configuration data and
other sensitive information.
+ </p><p>Versions Affected:
+ <br/>3.0.0
+ </p><p>Mitigation:
+ <br/>* Uninstall the PortletV3AnnotatedDemo Multipart Portlet war file
+ <br/>- or -
+ <br/>* migrate to version 3.0.1
+ </p>
+ </li>
+ <li>
+ <p>CVEID: CVE-2015-1926
+ </p><p>DESCRIPTION: The Java Portlet Specification API jar file code
could allow a remote attacker to obtain sensitive information, caused by the
failure to restrict access to resources located within the web application. An
attacker could exploit this vulnerability to obtain configuration data and
other sensitive information.
+ </p><p>Versions Affected:
+ <br/>2.0.0
+ <br/>3.0.0
+ </p><p>Mitigation:
+ <br/>* migrate to version 3.0.1
+ </p>
+ </li>
+ </ul>
</subsection>
-
- <subsection name="Issue2">
- <p>
- Security issue 2.
- </p>
- </subsection>
-
+
</section>
</body>
</document>
\ No newline at end of file
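Review bot: Both "Versions Affected" lists in the new Version 3.0.1 subsection name single releases (3.0.0 for CVE-2018-1306; 2.0.0 and 3.0.0 for CVE-2015-1926), so a reader on any other release cannot tell from this page whether they are affected. If the exposure covers a range, state it as a range. If it really is those exact releases, say so explicitly. The CVE-2015-1926 entry should also name the affected artifact the way the CVE-2018-1306 entry names the PortletV3AnnotatedDemo Multipart Portlet war, since "The Java Portlet Specification API jar file" does not tell a deployer which file to look for. On markup, the mitigation steps are written as `<br/>* ...` and `<br/>- or -` inside a `<p>`. A nested `<ul>` would render as a real list and match the outer `<ul>`/`<li>` structure this hunk introduces. Capitalisation is inconsistent between "* Uninstall" and "* migrate". The hunk also replaces the removed blank lines with a whitespace-only added line before `</section>` and leaves the file without a trailing newline. Both are worth cleaning up while this file is being touched.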