Author: markt Date: Wed Jun 22 09:36:34 2016 New Revision: 1749643 URL: http://svn.apache.org/viewvc?rev=1749643&view=rev Log: Add details of CVE-2016-3092
Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html tomcat/site/trunk/xdocs/security-7.xml tomcat/site/trunk/xdocs/security-8.xml tomcat/site/trunk/xdocs/security-9.xml Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1749643&r1=1749642&r2=1749643&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Wed Jun 22 09:36:34 2016 @@ -219,6 +219,9 @@ <a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a> </li> <li> +<a href="#Fixed_in_Apache_Tomcat_7.0.70">Fixed in Apache Tomcat 7.0.70</a> +</li> +<li> <a href="#Fixed_in_Apache_Tomcat_7.0.68">Fixed in Apache Tomcat 7.0.68</a> </li> <li> @@ -354,6 +357,38 @@ </div> +<h3 id="Fixed_in_Apache_Tomcat_7.0.70"> +<span style="float: right;">20 June 2016</span> Fixed in Apache Tomcat 7.0.70</h3> +<div class="text"> + + +<p> +<strong>Moderate: Denial of Service</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092" rel="nofollow">CVE-2016-3092</a> +</p> + + +<p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to + implement the file upload requirements of the Servlet specification. A + denial of service vulnerability was identified in Commons FileUpload that + occurred when the length of the multipart boundary was just below the + size of the buffer (4096 bytes) used to read the uploaded file. This + caused the file upload process to take several orders of magnitude + longer than if the boundary was the typical tens of bytes long.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1743742">1743742</a>.</p> + + +<p>This issue was identified by the TERASOLUNA Framework Development Team + and reported to the Apache Commons team via JPCERT on 9 May 2016. It was + made public on 21 June 2016.</p> + + +<p>Affects: 7.0.0 to 7.0.69</p> + + +</div> <h3 id="Fixed_in_Apache_Tomcat_7.0.68"> <span style="float: right;">16 February 2016</span> Fixed in Apache Tomcat 7.0.68</h3> <div class="text"> Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1749643&r1=1749642&r2=1749643&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-8.html (original) +++ tomcat/site/trunk/docs/security-8.html Wed Jun 22 09:36:34 2016 @@ -219,6 +219,9 @@ <a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x vulnerabilities</a> </li> <li> +<a href="#Fixed_in_Apache_Tomcat_8.5.3_and_8.0.36">Fixed in Apache Tomcat 8.5.3 and 8.0.36</a> +</li> +<li> <a href="#Fixed_in_Apache_Tomcat_8.0.32">Fixed in Apache Tomcat 8.0.32</a> </li> <li> @@ -300,6 +303,40 @@ </div> +<h3 id="Fixed_in_Apache_Tomcat_8.5.3_and_8.0.36"> +<span style="float: right;">13 June 2016</span> Fixed in Apache Tomcat 8.5.3 and 8.0.36</h3> +<div class="text"> + + +<p> +<strong>Moderate: Denial of Service</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092" rel="nofollow">CVE-2016-3092</a> +</p> + + +<p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to + implement the file upload requirements of the Servlet specification. A + denial of service vulnerability was identified in Commons FileUpload that + occurred when the length of the multipart boundary was just below the + size of the buffer (4096 bytes) used to read the uploaded file. This + caused the file upload process to take several orders of magnitude + longer than if the boundary was the typical tens of bytes long.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1743722">1743722</a> for + 8.5.x and revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1743738">1743738</a> for + 8.0.x.</p> + + +<p>This issue was identified by the TERASOLUNA Framework Development Team + and reported to the Apache Commons team via JPCERT on 9 May 2016. It was + made public on 21 June 2016.</p> + + +<p>Affects: 8.5.0 to 8.5.2, 8.0.0.RC1 to 8.0.35</p> + + +</div> <h3 id="Fixed_in_Apache_Tomcat_8.0.32"> <span style="float: right;">8 February 2016</span> Fixed in Apache Tomcat 8.0.32</h3> <div class="text"> Modified: tomcat/site/trunk/docs/security-9.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1749643&r1=1749642&r2=1749643&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-9.html (original) +++ tomcat/site/trunk/docs/security-9.html Wed Jun 22 09:36:34 2016 @@ -219,6 +219,9 @@ <a href="#Apache_Tomcat_9.x_vulnerabilities">Apache Tomcat 9.x vulnerabilities</a> </li> <li> +<a href="#Fixed_in_Apache_Tomcat_9.0.0.M8">Fixed in Apache Tomcat 9.0.0.M8</a> +</li> +<li> <a href="#Fixed_in_Apache_Tomcat_9.0.0.M3">Fixed in Apache Tomcat 9.0.0.M3</a> </li> </ul> @@ -270,6 +273,47 @@ </div> +<h3 id="Fixed_in_Apache_Tomcat_9.0.0.M8"> +<span style="float: right;">13 June 2016</span> Fixed in Apache Tomcat 9.0.0.M8</h3> +<div class="text"> + + +<p> +<i>Note: The issue below was fixed in Apache Tomcat 9.0.0.M7 but the + release vote for the 9.0.0.M7 release candidate did not pass. Therefore, + although users must download 9.0.0.M8 to obtain a version that includes + fixes for these issues, version 9.0.0.M7 is not included in the list of + affected versions.</i> +</p> + + +<p> +<strong>Moderate: Denial of Service</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092" rel="nofollow">CVE-2016-3092</a> +</p> + + +<p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to + implement the file upload requirements of the Servlet specification. A + denial of service vulnerability was identified in Commons FileUpload that + occurred when the length of the multipart boundary was just below the + size of the buffer (4096 bytes) used to read the uploaded file. This + caused the file upload process to take several orders of magnitude + longer than if the boundary was the typical tens of bytes long.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1743700">1743700</a>.</p> + + +<p>This issue was identified by the TERASOLUNA Framework Development Team + and reported to the Apache Commons team via JPCERT on 9 May 2016. It was + made public on 21 June 2016.</p> + + +<p>Affects: 9.0.0.M1 to 9.0.0.M6</p> + + +</div> <h3 id="Fixed_in_Apache_Tomcat_9.0.0.M3"> <span style="float: right;">5 January 2016</span> Fixed in Apache Tomcat 9.0.0.M3</h3> <div class="text"> Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1749643&r1=1749642&r2=1749643&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Wed Jun 22 09:36:34 2016 @@ -50,6 +50,29 @@ </section> + <section name="Fixed in Apache Tomcat 7.0.70" rtext="20 June 2016"> + + <p><strong>Moderate: Denial of Service</strong> + <cve>CVE-2016-3092</cve></p> + + <p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to + implement the file upload requirements of the Servlet specification. A + denial of service vulnerability was identified in Commons FileUpload that + occurred when the length of the multipart boundary was just below the + size of the buffer (4096 bytes) used to read the uploaded file. This + caused the file upload process to take several orders of magnitude + longer than if the boundary was the typical tens of bytes long.</p> + + <p>This was fixed in revision <revlink rev="1743742">1743742</revlink>.</p> + + <p>This issue was identified by the TERASOLUNA Framework Development Team + and reported to the Apache Commons team via JPCERT on 9 May 2016. It was + made public on 21 June 2016.</p> + + <p>Affects: 7.0.0 to 7.0.69</p> + + </section> + <section name="Fixed in Apache Tomcat 7.0.68" rtext="16 February 2016"> <p><strong>Low: Directory disclosure</strong> Modified: tomcat/site/trunk/xdocs/security-8.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1749643&r1=1749642&r2=1749643&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-8.xml (original) +++ tomcat/site/trunk/xdocs/security-8.xml Wed Jun 22 09:36:34 2016 @@ -50,6 +50,31 @@ </section> + <section name="Fixed in Apache Tomcat 8.5.3 and 8.0.36" rtext="13 June 2016"> + + <p><strong>Moderate: Denial of Service</strong> + <cve>CVE-2016-3092</cve></p> + + <p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to + implement the file upload requirements of the Servlet specification. A + denial of service vulnerability was identified in Commons FileUpload that + occurred when the length of the multipart boundary was just below the + size of the buffer (4096 bytes) used to read the uploaded file. This + caused the file upload process to take several orders of magnitude + longer than if the boundary was the typical tens of bytes long.</p> + + <p>This was fixed in revision <revlink rev="1743722">1743722</revlink> for + 8.5.x and revision <revlink rev="1743738">1743738</revlink> for + 8.0.x.</p> + + <p>This issue was identified by the TERASOLUNA Framework Development Team + and reported to the Apache Commons team via JPCERT on 9 May 2016. It was + made public on 21 June 2016.</p> + + <p>Affects: 8.5.0 to 8.5.2, 8.0.0.RC1 to 8.0.35</p> + + </section> + <section name="Fixed in Apache Tomcat 8.0.32" rtext="8 February 2016"> <p><i>Note: The issues below were fixed in Apache Tomcat 8.0.31 but the Modified: tomcat/site/trunk/xdocs/security-9.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1749643&r1=1749642&r2=1749643&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-9.xml (original) +++ tomcat/site/trunk/xdocs/security-9.xml Wed Jun 22 09:36:34 2016 @@ -50,6 +50,35 @@ </section> + <section name="Fixed in Apache Tomcat 9.0.0.M8" rtext="13 June 2016"> + + <p><i>Note: The issue below was fixed in Apache Tomcat 9.0.0.M7 but the + release vote for the 9.0.0.M7 release candidate did not pass. Therefore, + although users must download 9.0.0.M8 to obtain a version that includes + fixes for these issues, version 9.0.0.M7 is not included in the list of + affected versions.</i></p> + + <p><strong>Moderate: Denial of Service</strong> + <cve>CVE-2016-3092</cve></p> + + <p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to + implement the file upload requirements of the Servlet specification. A + denial of service vulnerability was identified in Commons FileUpload that + occurred when the length of the multipart boundary was just below the + size of the buffer (4096 bytes) used to read the uploaded file. This + caused the file upload process to take several orders of magnitude + longer than if the boundary was the typical tens of bytes long.</p> + + <p>This was fixed in revision <revlink rev="1743700">1743700</revlink>.</p> + + <p>This issue was identified by the TERASOLUNA Framework Development Team + and reported to the Apache Commons team via JPCERT on 9 May 2016. It was + made public on 21 June 2016.</p> + + <p>Affects: 9.0.0.M1 to 9.0.0.M6</p> + + </section> + <section name="Fixed in Apache Tomcat 9.0.0.M3" rtext="5 January 2016"> <p><strong>Moderate: Security Manager bypass</strong> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org