Author: markt
Date: Tue Jan 17 11:34:44 2012
New Revision: 1232388

URL: http://svn.apache.org/viewvc?rev=1232388&view=rev
Log:
Add CVE-2011-3375 and CVE-2012-0022

Modified: tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/xdocs/security-5.xml tomcat/site/trunk/xdocs/security-6.xml tomcat/site/trunk/xdocs/security-7.xml Modified: tomcat/site/trunk/docs/security-5.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1232388&r1=1232387&r2=1232388&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-5.html (original) +++ tomcat/site/trunk/docs/security-5.html Tue Jan 17 11:34:44 2012 @@ -195,6 +195,9 @@ <a href="#Apache_Tomcat_5.x_vulnerabilities">Apache Tomcat 5.x vulnerabilities</a> </li> <li> +<a href="#Fixed_in_Apache_Tomcat_5.5.35">Fixed in Apache Tomcat 5.5.35</a> +</li> +<li> <a href="#Fixed_in_Apache_Tomcat_5.5.34">Fixed in Apache Tomcat 5.5.34</a> </li> <li> 
@@ -335,6 +338,54 @@ </table> <table border="0" cellspacing="0" cellpadding="2" width="100%"> <tr> +<td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica,sanserif"><a name="Fixed in Apache Tomcat 5.5.35"> +<!--()--></a><a name="Fixed_in_Apache_Tomcat_5.5.35"><strong>Fixed in Apache Tomcat 5.5.35</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 1 Jan 2012</strong></font></td> +</tr> +<tr> +<td colspan="2"> +<p> +<blockquote> + + +<p> +<strong>Important: Denial of service</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022" rel="nofollow">CVE-2012-0022</a> +</p> + + +<p>Analysis of the recent hash collision vulnerability identified unrelated + inefficiencies with Apache Tomcat's handling of large numbers of + parameters and parameter values. These inefficiencies could allow an + attacker, via a specially crafted request, to cause large amounts of CPU + to be used which in turn could create a denial of service. 
The issue was + addressed by modifying the Tomcat parameter handling code to efficiently + process large numbers of parameters and parameter values.</p> + + +<p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&rev=1221282">1221282</a>, + <a href="http://svn.apache.org/viewvc?view=rev&rev=1224640">1224640</a> and + <a href="http://svn.apache.org/viewvc?view=rev&rev=1228191">1228191</a>.</p> + + +<p>This was identified by the Tomcat security team on 21 October 2011 and + made public on 17 January 2012.</p> + + +<p>Affects: 5.5.0-5.5.34</p> + + +</blockquote> +</p> +</td> +</tr> +<tr> +<td> +<br> +</td> +</tr> +</table> +<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<tr> <td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica,sanserif"><a name="Fixed in Apache Tomcat 5.5.34"> <!--()--></a><a name="Fixed_in_Apache_Tomcat_5.5.34"><strong>Fixed in Apache Tomcat 5.5.34</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 22 Sep 2011</strong></font></td> </tr> Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1232388&r1=1232387&r2=1232388&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Tue Jan 17 11:34:44 2012 
@@ -323,15 +323,44 @@ <p> -<strong>Note:</strong> <i>The issue below was fixed in Apache Tomcat 6.0.34 but the - release vote for the 6.0.34 release candidate did not pass. Therefore, - although users must download 6.0.35 to obtain a version that includes a - fix for this issue, version 6.0.34 is not included in the list of - affected versions.</i> +<strong>Note:</strong> <i>The issues below were fixed in Apache Tomcat + 6.0.34 but the release vote for the 6.0.34 release candidate did not + pass. Therefore, although users must download 6.0.35 to obtain a version + that includes a fix for this issue, version 6.0.34 is not included in the + list of affected versions.</i> </p> <p> +<strong>Important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375" rel="nofollow">CVE-2011-3375</a> +</p> + + +<p>For performance reasons, information parsed from a request is often + cached in two places: the internal request object and the internal + processor object. These objects are not recycled at exactly the same + time. When certain errors occur that needed to be added to the access + log, the access logging process triggers the re-population of the request + object after it has been recycled. However, the request object was not + recycled before being used for the next request. That lead to information + leakage (e.g. remote IP address, HTTP headers) from the previous request + to the next request. 
The issue was resolved be ensuring that the request + and response objects were recycled after being re-populated to generate + the necessary access log entries.</p> + + +<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&rev=1185998">revision 1185998</a>.</p> + + +<p>This was identified by the Tomcat security team on 22 September 2011 and + made public on 17 January 2012.</p> + + +<p>Affects: 6.0.30-6.0.33</p> + + +<p> <strong>Important: Authentication bypass and information disclosure </strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190" rel="nofollow">CVE-2011-3190</a> 
@@ -408,6 +437,34 @@ </li> </ul> + + +<p> +<strong>Important: Denial of service</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022" rel="nofollow">CVE-2012-0022</a> +</p> + + +<p>Analysis of the recent hash collision vulnerability identified unrelated + inefficiencies with Apache Tomcat's handling of large numbers of + parameters and parameter values. These inefficiencies could allow an + attacker, via a specially crafted request, to cause large amounts of CPU + to be used which in turn could create a denial of service. The issue was + addressed by modifying the Tomcat parameter handling code to efficiently + process large numbers of parameters and parameter values.</p> + + +<p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&rev=1200601">1200601</a>, + <a href="http://svn.apache.org/viewvc?view=rev&rev=1206324">1206324</a> and + <a href="http://svn.apache.org/viewvc?view=rev&rev=1229027">1229027</a>.</p> + + +<p>This was identified by the Tomcat security team on 21 October 2011 and + made public on 17 January 2012.</p> + + +<p>Affects: 6.0.0-6.0.33</p> + </blockquote> </p> Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1232388&r1=1232387&r2=1232388&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Tue Jan 17 11:34:44 2012 @@ -195,6 +195,9 @@ <a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a> </li> <li> +<a href="#Fixed_in_Apache_Tomcat_7.0.23">Fixed in Apache Tomcat 7.0.23</a> +</li> +<li> <a href="#Fixed_in_Apache_Tomcat_7.0.22">Fixed in Apache Tomcat 7.0.22</a> </li> <li> 
@@ -309,6 +312,62 @@ </table> <table border="0" cellspacing="0" cellpadding="2" width="100%"> <tr> +<td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica,sanserif"><a name="Fixed in Apache Tomcat 7.0.23"> +<!--()--></a><a name="Fixed_in_Apache_Tomcat_7.0.23"><strong>Fixed in Apache Tomcat 7.0.23</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 25 Nov 2011</strong></font></td> +</tr> +<tr> +<td colspan="2"> +<p> +<blockquote> + + +<p> +<strong>Important: Denial of service</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022" rel="nofollow">CVE-2012-0022</a> +</p> + + +<p>Analysis of the recent hash collision vulnerability identified unrelated + inefficiencies with Apache Tomcat's handling of large numbers of + parameters and parameter values. These inefficiencies could allow an + attacker, via a specially crafted request, to cause large amounts of CPU + to be used which in turn could create a denial of service. 
The issue was + addressed by modifying the Tomcat parameter handling code to efficiently + process large numbers of parameters and parameter values.</p> + + +<p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&rev=1189899">1189899</a>, + <a href="http://svn.apache.org/viewvc?view=rev&rev=1190482">1190482</a>, + <a href="http://svn.apache.org/viewvc?view=rev&rev=1194917">1194917</a>, + <a href="http://svn.apache.org/viewvc?view=rev&rev=1195225">1195225</a>, + <a href="http://svn.apache.org/viewvc?view=rev&rev=1195226">1195226</a>, + <a href="http://svn.apache.org/viewvc?view=rev&rev=1195537">1195537</a>, + <a href="http://svn.apache.org/viewvc?view=rev&rev=1195909">1195909</a>, + <a href="http://svn.apache.org/viewvc?view=rev&rev=1195944">1195944</a>, + <a href="http://svn.apache.org/viewvc?view=rev&rev=1195951">1195951</a>, + <a href="http://svn.apache.org/viewvc?view=rev&rev=1195977">1195977</a> and + <a href="http://svn.apache.org/viewvc?view=rev&rev=1198641">1198641</a>.</p> + + +<p>This was identified by the Tomcat security team on 21 October 2011 and + made public on 17 January 2012.</p> + + +<p>Affects: 7.0.0-7.0.22</p> + + +</blockquote> +</p> +</td> +</tr> +<tr> +<td> +<br> +</td> +</tr> +</table> +<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<tr> <td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica,sanserif"><a name="Fixed in Apache Tomcat 7.0.22"> <!--()--></a><a name="Fixed_in_Apache_Tomcat_7.0.22"><strong>Fixed in Apache Tomcat 7.0.22</strong></a></font></td><td align="right" bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released 1 Oct 2011</strong></font></td> </tr> 
@@ -319,6 +378,35 @@ <p> +<strong>Important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375" rel="nofollow">CVE-2011-3375</a> +</p> + + +<p>For performance reasons, information parsed from a request is often + cached in two places: the internal request object and the internal + processor object. These objects are not recycled at exactly the same + time. When certain errors occur that needed to be added to the access + log, the access logging process triggers the re-population of the request + object after it has been recycled. However, the request object was not + recycled before being used for the next request. That lead to information + leakage (e.g. remote IP address, HTTP headers) from the previous request + to the next request. The issue was resolved be ensuring that the request + and response objects were recycled after being re-populated to generate + the necessary access log entries.</p> + + +<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&rev=1176592">revision 1176592</a>.</p> + + +<p>This was identified by the Tomcat security team on 22 September 2011 and + made public on 17 January 2012.</p> + + +<p>Affects: 7.0.0-7.0.21</p> + + +<p> <strong>Low: Privilege Escalation</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3376" rel="nofollow">CVE-2011-3376</a> </p> Modified: tomcat/site/trunk/xdocs/security-5.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1232388&r1=1232387&r2=1232388&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-5.xml (original) +++ tomcat/site/trunk/xdocs/security-5.xml Tue Jan 17 11:34:44 2012 
@@ -64,6 +64,30 @@ </section> --> + <section name="Fixed in Apache Tomcat 5.5.35" rtext="released 1 Jan 2012"> + + <p><strong>Important: Denial of service</strong> + <cve>CVE-2012-0022</cve></p> + + <p>Analysis of the recent hash collision vulnerability identified unrelated + inefficiencies with Apache Tomcat's handling of large numbers of + parameters and parameter values. These inefficiencies could allow an + attacker, via a specially crafted request, to cause large amounts of CPU + to be used which in turn could create a denial of service. The issue was + addressed by modifying the Tomcat parameter handling code to efficiently + process large numbers of parameters and parameter values.</p> + + <p>This was fixed in revisions <revlink rev="1221282">1221282</revlink>, + <revlink rev="1224640">1224640</revlink> and + <revlink rev="1228191">1228191</revlink>.</p> + + <p>This was identified by the Tomcat security team on 21 October 2011 and + made public on 17 January 2012.</p> + + <p>Affects: 5.5.0-5.5.34</p> + + </section> + <section name="Fixed in Apache Tomcat 5.5.34" rtext="released 22 Sep 2011"> <p><strong>Moderate: Multiple weaknesses in HTTP DIGEST authentication</strong> Modified: tomcat/site/trunk/xdocs/security-6.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1232388&r1=1232387&r2=1232388&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-6.xml (original) +++ tomcat/site/trunk/xdocs/security-6.xml Tue Jan 17 11:34:44 2012 
@@ -51,11 +51,33 @@ <section name="Fixed in Apache Tomcat 6.0.35" rtext="released 5 Dec 2011"> - <p><strong>Note:</strong> <i>The issue below was fixed in Apache Tomcat 6.0.34 but the - release vote for the 6.0.34 release candidate did not pass. Therefore, - although users must download 6.0.35 to obtain a version that includes a - fix for this issue, version 6.0.34 is not included in the list of - affected versions.</i></p> + <p><strong>Note:</strong> <i>The issues below were fixed in Apache Tomcat + 6.0.34 but the release vote for the 6.0.34 release candidate did not + pass. Therefore, although users must download 6.0.35 to obtain a version + that includes a fix for this issue, version 6.0.34 is not included in the + list of affected versions.</i></p> + + <p><strong>Important: Information disclosure</strong> + <cve>CVE-2011-3375</cve></p> + + <p>For performance reasons, information parsed from a request is often + cached in two places: the internal request object and the internal + processor object. These objects are not recycled at exactly the same + time. When certain errors occur that needed to be added to the access + log, the access logging process triggers the re-population of the request + object after it has been recycled. However, the request object was not + recycled before being used for the next request. That lead to information + leakage (e.g. remote IP address, HTTP headers) from the previous request + to the next request. The issue was resolved be ensuring that the request + and response objects were recycled after being re-populated to generate + the necessary access log entries.</p> + + <p>This was fixed in <revlink rev="1185998">revision 1185998</revlink>.</p> + + <p>This was identified by the Tomcat security team on 22 September 2011 and + made public on 17 January 2012.</p> + + <p>Affects: 6.0.30-6.0.33</p> <p><strong>Important: Authentication bypass and information disclosure </strong> 
@@ -107,6 +129,27 @@ <li><a href="/tomcat-6.0-doc/config/ajp.html">AJP Connector documentation (Tomcat 6.0)</a></li> <li><a href="/connectors-doc/reference/workers.html">workers.properties configuration (mod_jk)</a></li> </ul> + + <p><strong>Important: Denial of service</strong> + <cve>CVE-2012-0022</cve></p> + + <p>Analysis of the recent hash collision vulnerability identified unrelated + inefficiencies with Apache Tomcat's handling of large numbers of + parameters and parameter values. These inefficiencies could allow an + attacker, via a specially crafted request, to cause large amounts of CPU + to be used which in turn could create a denial of service. The issue was + addressed by modifying the Tomcat parameter handling code to efficiently + process large numbers of parameters and parameter values.</p> + + <p>This was fixed in revisions <revlink rev="1200601">1200601</revlink>, + <revlink rev="1206324">1206324</revlink> and + <revlink rev="1229027">1229027</revlink>.</p> + + <p>This was identified by the Tomcat security team on 21 October 2011 and + made public on 17 January 2012.</p> + + <p>Affects: 6.0.0-6.0.33</p> + </section> <section name="Fixed in Apache Tomcat 6.0.33" rtext="released 18 Aug 2011"> Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1232388&r1=1232387&r2=1232388&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Tue Jan 17 11:34:44 2012 
@@ -50,8 +50,62 @@ </section> + <section name="Fixed in Apache Tomcat 7.0.23" rtext="released 25 Nov 2011"> + + <p><strong>Important: Denial of service</strong> + <cve>CVE-2012-0022</cve></p> + + <p>Analysis of the recent hash collision vulnerability identified unrelated + inefficiencies with Apache Tomcat's handling of large numbers of + parameters and parameter values. These inefficiencies could allow an + attacker, via a specially crafted request, to cause large amounts of CPU + to be used which in turn could create a denial of service. The issue was + addressed by modifying the Tomcat parameter handling code to efficiently + process large numbers of parameters and parameter values.</p> + + <p>This was fixed in revisions <revlink rev="1189899">1189899</revlink>, + <revlink rev="1190482">1190482</revlink>, + <revlink rev="1194917">1194917</revlink>, + <revlink rev="1195225">1195225</revlink>, + <revlink rev="1195226">1195226</revlink>, + <revlink rev="1195537">1195537</revlink>, + <revlink rev="1195909">1195909</revlink>, + <revlink rev="1195944">1195944</revlink>, + <revlink rev="1195951">1195951</revlink>, + <revlink rev="1195977">1195977</revlink> and + <revlink rev="1198641">1198641</revlink>.</p> + + <p>This was identified by the Tomcat security team on 21 October 2011 and + made public on 17 January 2012.</p> + + <p>Affects: 7.0.0-7.0.22</p> + + </section> + <section name="Fixed in Apache Tomcat 7.0.22" rtext="released 1 Oct 2011"> + <p><strong>Important: Information disclosure</strong> + <cve>CVE-2011-3375</cve></p> + + <p>For performance reasons, information parsed from a request is often + cached in two places: the internal request object and the internal + processor object. These objects are not recycled at exactly the same + time. When certain errors occur that needed to be added to the access + log, the access logging process triggers the re-population of the request + object after it has been recycled. 
However, the request object was not + recycled before being used for the next request. That lead to information + leakage (e.g. remote IP address, HTTP headers) from the previous request + to the next request. The issue was resolved be ensuring that the request + and response objects were recycled after being re-populated to generate + the necessary access log entries.</p> + + <p>This was fixed in <revlink rev="1176592">revision 1176592</revlink>.</p> + + <p>This was identified by the Tomcat security team on 22 September 2011 and + made public on 17 January 2012.</p> + + <p>Affects: 7.0.0-7.0.21</p> + <p><strong>Low: Privilege Escalation</strong> <cve>CVE-2011-3376</cve></p>
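
Review bot: In the 6.0.35 note paragraph (xdocs/security-6.xml, hunk @@ -51,11 +51,33 @@, mirrored in docs/security-6.html @@ -323,15 +323,44 @@) the opening was changed to "The issues below were fixed" but the sentence still ends with "a fix for this issue", so the number no longer agrees. Suggest "a version that includes fixes for these issues". Also note that CVE-2012-0022 is added at the very end of the same section by a separate hunk (@@ -107,6 +129,27 @@), after the CVE-2011-3190 links list; please confirm the note is meant to cover that entry too, since a reader may not associate it with a note that far above.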
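
Review bot: The CVE-2011-3375 description added to xdocs/security-6.xml and xdocs/security-7.xml (and carried into both generated HTML files) has three wording errors: "That lead to information leakage" should be "That led to", "resolved be ensuring" should be "resolved by ensuring", and "When certain errors occur that needed to be added" mixes tenses ("occurred that needed" or "occur that need"). The sentence "However, the request object was not recycled before being used for the next request" would also read more clearly as "was not recycled again", because the previous sentence has just said the object had already been recycled once. Fix these in the xdocs sources and regenerate docs/ so the four copies stay identical.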
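
Review bot: The CVE-2012-0022 paragraph added in xdocs/security-5.xml (@@ -64,6 +64,30 @@), security-6.xml and security-7.xml refers to "the recent hash collision vulnerability" without naming or linking it, and "recent" will stop being meaningful on a page that is kept for years. Suggest identifying that issue by its advisory or a link so the reader can tell which one is meant. The entry also says only that the parameter handling code was modified; if there is any configuration-level mitigation for users who cannot upgrade immediately, it should be stated here, and if there is none, saying so would help.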
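
Review bot: In the generated section headers added to docs/security-5.html (@@ -335,6 +338,54 @@) and docs/security-7.html (@@ -309,6 +312,62 @@), the right-hand cell uses face="arial,helvetica.sanserif" with a period where the left-hand cell has "arial,helvetica,sanserif", and the revision links emit a raw "&" in href="...?view=rev&rev=..." instead of "&amp;". Both also appear in the unchanged context lines, so they come from the stylesheet rather than this commit; worth fixing there in a follow-up so that regenerated pages stop reproducing them.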