Author: markt
Date: Wed Jun 22 09:36:34 2016
New Revision: 1749643

URL: http://svn.apache.org/viewvc?rev=1749643&view=rev
Log:
Add details of CVE-2016-3092

Modified:
    tomcat/site/trunk/docs/security-7.html
    tomcat/site/trunk/docs/security-8.html
    tomcat/site/trunk/docs/security-9.html
    tomcat/site/trunk/xdocs/security-7.xml
    tomcat/site/trunk/xdocs/security-8.xml
    tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-7.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1749643&r1=1749642&r2=1749643&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Wed Jun 22 09:36:34 2016
@@ -219,6 +219,9 @@
 <a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x 
vulnerabilities</a>
 </li>
 <li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.70">Fixed in Apache Tomcat 7.0.70</a>
+</li>
+<li>
 <a href="#Fixed_in_Apache_Tomcat_7.0.68">Fixed in Apache Tomcat 7.0.68</a>
 </li>
 <li>
@@ -354,6 +357,38 @@
 
   
 </div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.70">
+<span style="float: right;">20 June 2016</span> Fixed in Apache Tomcat 
7.0.70</h3>
+<div class="text">
+  
+    
+<p>
+<strong>Moderate: Denial of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092"; 
rel="nofollow">CVE-2016-3092</a>
+</p>
+
+    
+<p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to
+       implement the file upload requirements of the Servlet specification. A
+       denial of service vulnerability was identified in Commons FileUpload 
that
+       occurred when the length of the multipart boundary was just below the
+       size of the buffer (4096 bytes) used to read the uploaded file. This
+       caused the file upload process to take several orders of magnitude
+       longer than if the boundary was the typical tens of bytes long.</p>
+
+    
+<p>This was fixed in revision <a 
href="http://svn.apache.org/viewvc?view=rev&amp;rev=1743742";>1743742</a>.</p>
+
+    
+<p>This issue was identified by the TERASOLUNA Framework Development Team
+       and reported to the Apache Commons team via JPCERT on 9 May 2016. It was
+       made public on 21 June 2016.</p>
+
+    
+<p>Affects: 7.0.0 to 7.0.69</p>
+
+  
+</div>
 <h3 id="Fixed_in_Apache_Tomcat_7.0.68">
 <span style="float: right;">16 February 2016</span> Fixed in Apache Tomcat 
7.0.68</h3>
 <div class="text">
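
Review bot: The new 7.0.70 entry gives no interim guidance for users still in the listed affected range (7.0.0 to 7.0.69). The description paragraph explains the trigger (a multipart boundary just below the 4096-byte read buffer), but the entry ends at "Affects:" without saying whether anything short of upgrading reduces exposure. If a workaround exists, add a sentence after the "This was fixed in revision" paragraph; if not, say that upgrading is the only remedy.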

Modified: tomcat/site/trunk/docs/security-8.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1749643&r1=1749642&r2=1749643&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Wed Jun 22 09:36:34 2016
@@ -219,6 +219,9 @@
 <a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x 
vulnerabilities</a>
 </li>
 <li>
+<a href="#Fixed_in_Apache_Tomcat_8.5.3_and_8.0.36">Fixed in Apache Tomcat 
8.5.3 and 8.0.36</a>
+</li>
+<li>
 <a href="#Fixed_in_Apache_Tomcat_8.0.32">Fixed in Apache Tomcat 8.0.32</a>
 </li>
 <li>
@@ -300,6 +303,40 @@
 
   
 </div>
+<h3 id="Fixed_in_Apache_Tomcat_8.5.3_and_8.0.36">
+<span style="float: right;">13 June 2016</span> Fixed in Apache Tomcat 8.5.3 
and 8.0.36</h3>
+<div class="text">
+  
+    
+<p>
+<strong>Moderate: Denial of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092"; 
rel="nofollow">CVE-2016-3092</a>
+</p>
+
+    
+<p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to
+       implement the file upload requirements of the Servlet specification. A
+       denial of service vulnerability was identified in Commons FileUpload 
that
+       occurred when the length of the multipart boundary was just below the
+       size of the buffer (4096 bytes) used to read the uploaded file. This
+       caused the file upload process to take several orders of magnitude
+       longer than if the boundary was the typical tens of bytes long.</p>
+
+    
+<p>This was fixed in revision <a 
href="http://svn.apache.org/viewvc?view=rev&amp;rev=1743722";>1743722</a> for
+       8.5.x and revision <a 
href="http://svn.apache.org/viewvc?view=rev&amp;rev=1743738";>1743738</a> for
+       8.0.x.</p>
+
+    
+<p>This issue was identified by the TERASOLUNA Framework Development Team
+       and reported to the Apache Commons team via JPCERT on 9 May 2016. It was
+       made public on 21 June 2016.</p>
+
+    
+<p>Affects: 8.5.0 to 8.5.2, 8.0.0.RC1 to 8.0.35</p>
+
+  
+</div>
 <h3 id="Fixed_in_Apache_Tomcat_8.0.32">
 <span style="float: right;">8 February 2016</span> Fixed in Apache Tomcat 
8.0.32</h3>
 <div class="text">
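
Review bot: The h3 heading carries one date, "13 June 2016", for two releases (8.5.3 and 8.0.36). Confirm that both were released on that date; if not, give each release its own date in the float-right span, or split the entry into two sections so the date is unambiguous.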

Modified: tomcat/site/trunk/docs/security-9.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1749643&r1=1749642&r2=1749643&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Wed Jun 22 09:36:34 2016
@@ -219,6 +219,9 @@
 <a href="#Apache_Tomcat_9.x_vulnerabilities">Apache Tomcat 9.x 
vulnerabilities</a>
 </li>
 <li>
+<a href="#Fixed_in_Apache_Tomcat_9.0.0.M8">Fixed in Apache Tomcat 9.0.0.M8</a>
+</li>
+<li>
 <a href="#Fixed_in_Apache_Tomcat_9.0.0.M3">Fixed in Apache Tomcat 9.0.0.M3</a>
 </li>
 </ul>
@@ -270,6 +273,47 @@
 
   
 </div>
+<h3 id="Fixed_in_Apache_Tomcat_9.0.0.M8">
+<span style="float: right;">13 June 2016</span> Fixed in Apache Tomcat 
9.0.0.M8</h3>
+<div class="text">
+  
+    
+<p>
+<i>Note: The issue below was fixed in Apache Tomcat 9.0.0.M7 but the
+       release vote for the 9.0.0.M7 release candidate did not pass. Therefore,
+       although users must download 9.0.0.M8 to obtain a version that includes
+       fixes for these issues, version 9.0.0.M7 is not included in the list of
+       affected versions.</i>
+</p>
+  
+    
+<p>
+<strong>Moderate: Denial of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092"; 
rel="nofollow">CVE-2016-3092</a>
+</p>
+
+    
+<p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to
+       implement the file upload requirements of the Servlet specification. A
+       denial of service vulnerability was identified in Commons FileUpload 
that
+       occurred when the length of the multipart boundary was just below the
+       size of the buffer (4096 bytes) used to read the uploaded file. This
+       caused the file upload process to take several orders of magnitude
+       longer than if the boundary was the typical tens of bytes long.</p>
+
+    
+<p>This was fixed in revision <a 
href="http://svn.apache.org/viewvc?view=rev&amp;rev=1743700";>1743700</a>.</p>
+
+    
+<p>This issue was identified by the TERASOLUNA Framework Development Team
+       and reported to the Apache Commons team via JPCERT on 9 May 2016. It was
+       made public on 21 June 2016.</p>
+
+    
+<p>Affects: 9.0.0.M1 to 9.0.0.M6</p>
+
+  
+</div>
 <h3 id="Fixed_in_Apache_Tomcat_9.0.0.M3">
 <span style="float: right;">5 January 2016</span> Fixed in Apache Tomcat 
9.0.0.M3</h3>
 <div class="text">

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1749643&r1=1749642&r2=1749643&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Wed Jun 22 09:36:34 2016
@@ -50,6 +50,29 @@
 
   </section>
 
+  <section name="Fixed in Apache Tomcat 7.0.70" rtext="20 June 2016">
+  
+    <p><strong>Moderate: Denial of Service</strong>
+       <cve>CVE-2016-3092</cve></p>
+
+    <p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload 
to
+       implement the file upload requirements of the Servlet specification. A
+       denial of service vulnerability was identified in Commons FileUpload 
that
+       occurred when the length of the multipart boundary was just below the
+       size of the buffer (4096 bytes) used to read the uploaded file. This
+       caused the file upload process to take several orders of magnitude
+       longer than if the boundary was the typical tens of bytes long.</p>
+
+    <p>This was fixed in revision <revlink rev="1743742">1743742</revlink>.</p>
+
+    <p>This issue was identified by the TERASOLUNA Framework Development Team
+       and reported to the Apache Commons team via JPCERT on 9 May 2016. It was
+       made public on 21 June 2016.</p>
+
+    <p>Affects: 7.0.0 to 7.0.69</p>
+
+  </section>
+  
   <section name="Fixed in Apache Tomcat 7.0.68" rtext="16 February 2016">
 
     <p><strong>Low: Directory disclosure</strong>
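
Review bot: In the description paragraph, "package renamed copy" reads as three unrelated words; hyphenate it as "package-renamed copy". The closing clause "longer than if the boundary was the typical tens of bytes long" is also hard to parse; "longer than with a boundary of the typical tens of bytes" says the same thing. The identical paragraph is added to xdocs/security-8.xml and xdocs/security-9.xml in this commit, so the wording should change in all three.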

Modified: tomcat/site/trunk/xdocs/security-8.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1749643&r1=1749642&r2=1749643&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Wed Jun 22 09:36:34 2016
@@ -50,6 +50,31 @@
 
   </section>
 
+  <section name="Fixed in Apache Tomcat 8.5.3 and 8.0.36" rtext="13 June 2016">
+  
+    <p><strong>Moderate: Denial of Service</strong>
+       <cve>CVE-2016-3092</cve></p>
+
+    <p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload 
to
+       implement the file upload requirements of the Servlet specification. A
+       denial of service vulnerability was identified in Commons FileUpload 
that
+       occurred when the length of the multipart boundary was just below the
+       size of the buffer (4096 bytes) used to read the uploaded file. This
+       caused the file upload process to take several orders of magnitude
+       longer than if the boundary was the typical tens of bytes long.</p>
+
+    <p>This was fixed in revision <revlink rev="1743722">1743722</revlink> for
+       8.5.x and revision <revlink rev="1743738">1743738</revlink> for
+       8.0.x.</p>
+
+    <p>This issue was identified by the TERASOLUNA Framework Development Team
+       and reported to the Apache Commons team via JPCERT on 9 May 2016. It was
+       made public on 21 June 2016.</p>
+
+    <p>Affects: 8.5.0 to 8.5.2, 8.0.0.RC1 to 8.0.35</p>
+
+  </section>
+  
   <section name="Fixed in Apache Tomcat 8.0.32" rtext="8 February 2016">
 
   <p><i>Note: The issues below were fixed in Apache Tomcat 8.0.31 but the
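
Review bot: "the size of the buffer (4096 bytes)" in the description paragraph does not say whether 4096 is a fixed size or a default that a deployment can change. The affected boundary length is defined relative to that buffer, so state which it is; readers can then tell whether the trigger length is the same on every install.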

Modified: tomcat/site/trunk/xdocs/security-9.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1749643&r1=1749642&r2=1749643&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-9.xml (original)
+++ tomcat/site/trunk/xdocs/security-9.xml Wed Jun 22 09:36:34 2016
@@ -50,6 +50,35 @@
 
   </section>
 
+  <section name="Fixed in Apache Tomcat 9.0.0.M8" rtext="13 June 2016">
+  
+    <p><i>Note: The issue below was fixed in Apache Tomcat 9.0.0.M7 but the
+       release vote for the 9.0.0.M7 release candidate did not pass. Therefore,
+       although users must download 9.0.0.M8 to obtain a version that includes
+       fixes for these issues, version 9.0.0.M7 is not included in the list of
+       affected versions.</i></p>
+  
+    <p><strong>Moderate: Denial of Service</strong>
+       <cve>CVE-2016-3092</cve></p>
+
+    <p>Apache Tomcat uses a package renamed copy of Apache Commons FileUpload 
to
+       implement the file upload requirements of the Servlet specification. A
+       denial of service vulnerability was identified in Commons FileUpload 
that
+       occurred when the length of the multipart boundary was just below the
+       size of the buffer (4096 bytes) used to read the uploaded file. This
+       caused the file upload process to take several orders of magnitude
+       longer than if the boundary was the typical tens of bytes long.</p>
+
+    <p>This was fixed in revision <revlink rev="1743700">1743700</revlink>.</p>
+
+    <p>This issue was identified by the TERASOLUNA Framework Development Team
+       and reported to the Apache Commons team via JPCERT on 9 May 2016. It was
+       made public on 21 June 2016.</p>
+
+    <p>Affects: 9.0.0.M1 to 9.0.0.M6</p>
+
+  </section>
+  
   <section name="Fixed in Apache Tomcat 9.0.0.M3" rtext="5 January 2016">
   
     <p><strong>Moderate: Security Manager bypass</strong>
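
Review bot: The note paragraph disagrees with itself in number: it opens with "The issue below was fixed" but continues with "fixes for these issues", and this section lists a single CVE. Change the latter to "a fix for this issue". The same sentence is added to docs/security-9.html in this commit and needs the same change.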


