Author: markt
Date: Fri Feb 8 00:17:09 2008
New Revision: 619801
URL: http://svn.apache.org/viewvc?rev=619801&view=rev
Log:
Fix for CVE-2007-5461 has been applied to TC4.
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/xdocs/security-4.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=619801&r1=619800&r2=619801&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Feb 8 00:17:09 2008
@@ -261,44 +261,6 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in SVN trunk and proposed for inclusion in 4.1.x">
-<strong>Fixed in SVN trunk and proposed for inclusion in 4.1.x</strong>
-</a>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<p>
-<blockquote>
-
- <p>
-<strong>important: Information disclosure</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
- CVE-2007-5461</a>
-</p>
-
- <p>When Tomcat's WebDAV servlet is configured for use with a context and
- has been enabled for write, some WebDAV requests that specify an entity
- with a SYSTEM tag can result in the contents of arbitary files being
- returned to the client.</p>
-
- <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.SVN</p>
-
- </blockquote>
-</p>
-</td>
-</tr>
-<tr>
-<td>
-<br/>
-</td>
-</tr>
-</table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
-<tr>
-<td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 4.1.SVN for inclusion in next release">
<strong>Fixed in Apache Tomcat 4.1.SVN for inclusion in next release</strong>
</a>
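Review bot: the removed `<a name="Fixed in SVN trunk and proposed for inclusion in 4.1.x">` anchor at the top of this hunk was a link target, so existing links to that fragment of security-4.html will no longer resolve to the CVE-2007-5461 entry. The entry moves under "Fixed in Apache Tomcat 4.1.SVN for inclusion in next release" rather than disappearing, so consider giving each CVE entry its own stable anchor so that references survive an entry changing section.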
@@ -405,6 +367,19 @@
session ID to an attacker.</p>
<p>Affects: 4.1.0-4.1.36</p>
+
+ <p>
+<strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
+ CVE-2007-5461</a>
+</p>
+
+ <p>When Tomcat's WebDAV servlet is configured for use with a context and
+ has been enabled for write, some WebDAV requests that specify an entity
+ with a SYSTEM tag can result in the contents of arbitary files being
+ returned to the client.</p>
+
+ <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.36</p>
</blockquote>
</p>
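Review bot: in the added description, "arbitary files" should read "arbitrary files". The misspelling is carried over unchanged from the removed block, and the same text is added to xdocs/security-4.xml in this revision, so correct it in both files.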
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=619801&r1=619800&r2=619801&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Fri Feb 8 00:17:09 2008
@@ -44,22 +44,6 @@
</section>
-
- <section name="Fixed in SVN trunk and proposed for inclusion in 4.1.x">
-
- <p><strong>important: Information disclosure</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
- CVE-2007-5461</a></p>
-
- <p>When Tomcat's WebDAV servlet is configured for use with a context and
- has been enabled for write, some WebDAV requests that specify an entity
- with a SYSTEM tag can result in the contents of arbitary files being
- returned to the client.</p>
-
- <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.SVN</p>
-
- </section>
-
<section name="Fixed in Apache Tomcat 4.1.SVN for inclusion in next release">
<p><strong>important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164">
@@ -143,6 +127,17 @@
session ID to an attacker.</p>
<p>Affects: 4.1.0-4.1.36</p>
+
+ <p><strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
+ CVE-2007-5461</a></p>
+
+ <p>When Tomcat's WebDAV servlet is configured for use with a context and
+ has been enabled for write, some WebDAV requests that specify an entity
+ with a SYSTEM tag can result in the contents of arbitary files being
+ returned to the client.</p>
+
+ <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.36</p>
</section>
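Review bot: the added line `<p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.36</p>` lists the 4.0.x releases as affected, but the entry now sits in the section named "Fixed in Apache Tomcat 4.1.SVN for inclusion in next release", which only speaks to 4.1.x. A reader running 4.0.0-4.0.6 cannot tell from this entry whether a 4.0.x fix exists or whether moving to the next 4.1.x release is the only remedy; add a sentence stating which it is.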