[Bug 714239] Re: Tomcat6 version below 6.0.32 can be easily brought down
This bug was fixed in the package tomcat6 - 6.0.20-2ubuntu2.4

---
tomcat6 (6.0.20-2ubuntu2.4) karmic-security; urgency=low

  * SECURITY UPDATE: directory traversal via incorrect ServletContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIO HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534
 -- Marc Deslauriers  Thu, 24 Mar 2011 13:58:06 -0400

--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in ubuntu.
https://bugs.launchpad.net/bugs/714239

Title:
  Tomcat6 version below 6.0.32 can be easily brought down

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 714239] Re: Tomcat6 version below 6.0.32 can be easily brought down
This bug was fixed in the package tomcat6 - 6.0.24-2ubuntu1.7

---
tomcat6 (6.0.24-2ubuntu1.7) lucid-security; urgency=low

  * SECURITY UPDATE: directory traversal via incorrect ServletContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIO HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534
 -- Marc Deslauriers  Thu, 24 Mar 2011 11:08:39 -0400

** Changed in: tomcat6 (Ubuntu Karmic)
       Status: Triaged => Fix Released

[Bug 714239] Re: Tomcat6 version below 6.0.32 can be easily brought down
This bug was fixed in the package tomcat6 - 6.0.28-2ubuntu1.2

---
tomcat6 (6.0.28-2ubuntu1.2) maverick-security; urgency=low

  * SECURITY UPDATE: directory traversal via incorrect ServletContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIO HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534
 -- Marc Deslauriers  Thu, 24 Mar 2011 10:10:09 -0400

** Changed in: tomcat6 (Ubuntu Maverick)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3718

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-0013

** Changed in: tomcat6 (Ubuntu Lucid)
       Status: Triaged => Fix Released

[Bug 714239] Re: Tomcat6 version below 6.0.32 can be easily brought down
6.0.28-10 is in Natty, which has a fix for this issue.

** Visibility changed to: Public

** Also affects: tomcat6 (Ubuntu Karmic)
   Importance: Undecided
       Status: New

** Also affects: tomcat6 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: tomcat6 (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Also affects: tomcat6 (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Changed in: tomcat6 (Ubuntu Natty)
       Status: New => Fix Released

** Changed in: tomcat6 (Ubuntu Lucid)
       Status: New => Triaged

** Changed in: tomcat6 (Ubuntu Lucid)
   Importance: Undecided => Medium

** Changed in: tomcat6 (Ubuntu Maverick)
       Status: New => Triaged

** Changed in: tomcat6 (Ubuntu Maverick)
   Importance: Undecided => Medium

** Changed in: tomcat6 (Ubuntu Karmic)
       Status: New => Triaged

** Changed in: tomcat6 (Ubuntu Karmic)
   Importance: Undecided => Medium