Author: msnicklous
Date: Tue Jun 26 13:26:06 2018
New Revision: 1834431

URL: http://svn.apache.org/viewvc?rev=1834431&view=rev
Log:
PLUTO-716 Committing security updates

Modified:
    portals/site-live/pluto/security.html

Modified: portals/site-live/pluto/security.html
URL: http://svn.apache.org/viewvc/portals/site-live/pluto/security.html?rev=1834431&r1=1834430&r2=1834431&view=diff
==============================================================================
--- portals/site-live/pluto/security.html (original)
+++ portals/site-live/pluto/security.html Tue Jun 26 13:26:06 2018
@@ -47,7 +47,7 @@
   
     
             <div class="xleft">
-        Last Published: 2018-06-22
+        Last Published: 2018-06-26
                           |   
                 <a href="http://portals.apache.org/pluto"; 
class="externalLink">Home</a>
                           </div>
@@ -254,21 +254,44 @@
     </div>
     <div id="bodyColumn">
       <div id="contentBox">
-        <div class="section"><h2><a name="Project_Security"></a>Project 
Security</h2>
-<p>
-    The following security issues have been identified and addressed:
-  </p>
-<div class="section"><h3><a name="Issue1"></a>Issue1</h3>
-<p>
-        Security issue 1.
-    </p>
-</div>
-<div class="section"><h3><a name="Issue2"></a>Issue2</h3>
-<p>
-        Security issue 2.
-    </p>
-</div>
-</div>
+        <div class="section"><h2><a name="Project_Security"></a>Project 
Security</h2>
+<p>
+    The following security issues have been identified and addressed:
+  </p>
+<div class="section"><h3><a name="Version_3.0.1"></a>Version 3.0.1</h3>
+<ul><li>CVEID: CVE-2018-1306 
+      <p>DESCRIPTION: The PortletV3AnnotatedDemo Multipart Portlet war file 
code could allow a remote attacker to obtain sensitive information, caused by 
the failure to restrict path information provided during a file upload. An 
attacker could exploit this vulnerability to obtain configuration data and 
other sensitive information. 
+      </p>
+<p>Versions Affected:
+      <br />
+3.0.0
+      </p>
+<p>Mitigation:
+      <br />
+* Uninstall the PortletV3AnnotatedDemo Multipart Portlet war file 
+      <br />
+- or -
+      <br />
+* migrate to version 3.0.1
+      </p>
+</li>
+<li>CVEID: CVE-2015-1926
+      <p>DESCRIPTION: The Java Portlet Specification API jar file code could 
allow a remote attacker to obtain sensitive information, caused by the failure 
to restrict access to resources located within the web application. An attacker 
could exploit this vulnerability to obtain configuration data and other 
sensitive information.
+      </p>
+<p>Versions Affected:
+      <br />
+2.0.0
+      <br />
+3.0.0
+    </p>
+<p>Mitigation:
+      <br />
+* migrate to version 3.0.1
+    </p>
+</li>
+</ul>
+</div>
+</div>
 
       </div>
     </div>
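
Review bot: The CVE-2015-1926 entry lists both 2.0.0 and 3.0.0 under "Versions Affected", but its only mitigation is "* migrate to version 3.0.1", so a reader on the 2.0.x line cannot tell whether a major-version upgrade is the only option; please state that explicitly or name the alternative. In the CVE-2018-1306 entry the mitigation alternatives are typed as literal "* ..." and "- or -" text separated by <br /> inside a <p>; a nested <ul> would render as a real list and be easier to read in the generated page. Neither entry links to its CVE record or an advisory, and the text does not say whether 3.0.1 fixes or removes the PortletV3AnnotatedDemo Multipart Portlet, so adding a reference link and a short note on what changed in 3.0.1 would help readers confirm they are covered. Finally, the heading and intro paragraph ("Project Security", "The following security issues have been identified and addressed:") appear as removed and re-added with identical text, which suggests a whitespace or line-ending change; worth checking so future diffs of this page stay small.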

