Author: markt Date: Fri Aug 1 07:05:44 2008 New Revision: 681699 URL: http://svn.apache.org/viewvc?rev=681699&view=rev Log: Update security pages.
Modified: tomcat/site/trunk/docs/security-4.html tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/xdocs/security-4.xml tomcat/site/trunk/xdocs/security-5.xml tomcat/site/trunk/xdocs/security-6.xml Modified: tomcat/site/trunk/docs/security-4.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=681699&r1=681698&r2=681699&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-4.html (original) +++ tomcat/site/trunk/docs/security-4.html Fri Aug 1 07:05:44 2008 @@ -206,7 +206,6 @@ vulnerabilities in the 4.0.x branch will not be fixed. Users should upgrade to 4.1.x, 5.5.x or 6.x to obtain security fixes.</p> - </blockquote> </p> </td> @@ -298,6 +297,61 @@ <tr> <td bgcolor="#525D76"> <font color="#ffffff" face="arial,helvetica,sanserif"> +<a name="Fixed in Apache Tomcat 4.1.SVN"> +<strong>Fixed in Apache Tomcat 4.1.SVN</strong> +</a> +</font> +</td> +</tr> +<tr> +<td> +<p> +<blockquote> + + <p> +<strong>low: Cross-site scripting</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232"> + CVE-2008-1232</a> +</p> + + <p>The message argument of HttpServletResponse.sendError() call is not only + displayed on the error page, but is also used for the reason-phrase of + HTTP response. This may include characters that are illegal in HTTP + headers. It is possible for a specially crafted message to result in + arbitrary content being injected into the HTTP response. For a successful + XSS attack, unfiltered user supplied data must be included in the message + argument.</p> + + <p>Affects: 4.1.0-4.1.37</p> + + <p> +<strong>important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370"> + CVE-2008-2370</a> +</p> + + <p>When using a RequestDispatcher the target path was normalised before the + query string was removed. A request that included a specially crafted + request parameter could be used to access content that would otherwise be + protected by a security constraint or by locating it in under the WEB-INF + directory.</p> + + <p>Affects: 4.1.0-4.1.37</p> + + </blockquote> +</p> +</td> +</tr> +<tr> +<td> +<br/> +</td> +</tr> +</table> +<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<tr> +<td bgcolor="#525D76"> +<font color="#ffffff" face="arial,helvetica,sanserif"> <a name="Fixed in Apache Tomcat 4.1.37"> <strong>Fixed in Apache Tomcat 4.1.37</strong> </a> Modified: tomcat/site/trunk/docs/security-5.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=681699&r1=681698&r2=681699&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-5.html (original) +++ tomcat/site/trunk/docs/security-5.html Fri Aug 1 07:05:44 2008 @@ -234,6 +234,22 @@ <blockquote> <p> <strong>low: Cross-site scripting</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232"> + CVE-2008-1232</a> +</p> + + <p>The message argument of HttpServletResponse.sendError() call is not only + displayed on the error page, but is also used for the reason-phrase of + HTTP response. This may include characters that are illegal in HTTP + headers. It is possible for a specially crafted message to result in + arbitrary content being injected into the HTTP response. For a successful + XSS attack, unfiltered user supplied data must be included in the message + argument.</p> + + <p>Affects: 5.5.0-5.5.26</p> + + <p> +<strong>low: Cross-site scripting</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947"> CVE-2008-1947</a> </p> @@ -245,6 +261,21 @@ have been completed.</p> <p>Affects: 5.5.9-5.5.26</p> + + <p> +<strong>important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370"> + CVE-2008-2370</a> +</p> + + <p>When using a RequestDispatcher the target path was normalised before the + query string was removed. A request that included a specially crafted + request parameter could be used to access content that would otherwise be + protected by a security constraint or by locating it in under the WEB-INF + directory.</p> + + <p>Affects: 5.5.0-5.5.26</p> + </blockquote> </p> </td> Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=681699&r1=681698&r2=681699&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Fri Aug 1 07:05:44 2008 @@ -216,8 +216,8 @@ <tr> <td bgcolor="#525D76"> <font color="#ffffff" face="arial,helvetica,sanserif"> -<a name="Fixed in Apache Tomcat 6.0.SVN"> -<strong>Fixed in Apache Tomcat 6.0.SVN</strong> +<a name="Fixed in Apache Tomcat 6.0.18"> +<strong>Fixed in Apache Tomcat 6.0.18</strong> </a> </font> </td> @@ -228,6 +228,22 @@ <blockquote> <p> <strong>low: Cross-site scripting</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232"> + CVE-2008-1232</a> +</p> + + <p>The message argument of HttpServletResponse.sendError() call is not only + displayed on the error page, but is also used for the reason-phrase of + HTTP response. This may include characters that are illegal in HTTP + headers. It is possible for a specially crafted message to result in + arbitrary content being injected into the HTTP response. For a successful + XSS attack, unfiltered user supplied data must be included in the message + argument.</p> + + <p>Affects: 6.0.0-6.0.16</p> + + <p> +<strong>low: Cross-site scripting</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947"> CVE-2008-1947</a> </p> @@ -239,6 +255,20 @@ have been completed.</p> <p>Affects: 6.0.0-6.0.16</p> + + <p> +<strong>important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370"> + CVE-2008-2370</a> +</p> + + <p>When using a RequestDispatcher the target path was normalised before the + query string was removed. A request that included a specially crafted + request parameter could be used to access content that would otherwise be + protected by a security constraint or by locating it in under the WEB-INF + directory.</p> + + <p>Affects: 6.0.0-6.0.16</p> </blockquote> </p> </td> Modified: tomcat/site/trunk/xdocs/security-4.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=681699&r1=681698&r2=681699&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-4.xml (original) +++ tomcat/site/trunk/xdocs/security-4.xml Fri Aug 1 07:05:44 2008 @@ -24,7 +24,6 @@ vulnerabilities in the 4.0.x branch will not be fixed. Users should upgrade to 4.1.x, 5.5.x or 6.x to obtain security fixes.</p> - </section> <section name="Will not be fixed in Apache Tomcat 4.1.x"> @@ -58,6 +57,36 @@ </section> + <section name="Fixed in Apache Tomcat 4.1.SVN"> + + <p><strong>low: Cross-site scripting</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232"> + CVE-2008-1232</a></p> + + <p>The message argument of HttpServletResponse.sendError() call is not only + displayed on the error page, but is also used for the reason-phrase of + HTTP response. This may include characters that are illegal in HTTP + headers. It is possible for a specially crafted message to result in + arbitrary content being injected into the HTTP response. For a successful + XSS attack, unfiltered user supplied data must be included in the message + argument.</p> + + <p>Affects: 4.1.0-4.1.37</p> + + <p><strong>important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370"> + CVE-2008-2370</a></p> + + <p>When using a RequestDispatcher the target path was normalised before the + query string was removed. A request that included a specially crafted + request parameter could be used to access content that would otherwise be + protected by a security constraint or by locating it in under the WEB-INF + directory.</p> + + <p>Affects: 4.1.0-4.1.37</p> + + </section> + <section name="Fixed in Apache Tomcat 4.1.37"> <p><strong>important: Information disclosure</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164"> Modified: tomcat/site/trunk/xdocs/security-5.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=681699&r1=681698&r2=681699&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-5.xml (original) +++ tomcat/site/trunk/xdocs/security-5.xml Fri Aug 1 07:05:44 2008 @@ -30,6 +30,20 @@ <section name="Fixed in Apache Tomcat 5.5.SVN"> <p><strong>low: Cross-site scripting</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232"> + CVE-2008-1232</a></p> + + <p>The message argument of HttpServletResponse.sendError() call is not only + displayed on the error page, but is also used for the reason-phrase of + HTTP response. This may include characters that are illegal in HTTP + headers. It is possible for a specially crafted message to result in + arbitrary content being injected into the HTTP response. For a successful + XSS attack, unfiltered user supplied data must be included in the message + argument.</p> + + <p>Affects: 5.5.0-5.5.26</p> + + <p><strong>low: Cross-site scripting</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947"> CVE-2008-1947</a></p> @@ -40,6 +54,19 @@ have been completed.</p> <p>Affects: 5.5.9-5.5.26</p> + + <p><strong>important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370"> + CVE-2008-2370</a></p> + + <p>When using a RequestDispatcher the target path was normalised before the + query string was removed. A request that included a specially crafted + request parameter could be used to access content that would otherwise be + protected by a security constraint or by locating it in under the WEB-INF + directory.</p> + + <p>Affects: 5.5.0-5.5.26</p> + </section> <section name="Fixed in Apache Tomcat 5.5.26"> Modified: tomcat/site/trunk/xdocs/security-6.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=681699&r1=681698&r2=681699&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-6.xml (original) +++ tomcat/site/trunk/xdocs/security-6.xml Fri Aug 1 07:05:44 2008 @@ -22,7 +22,21 @@ </section> - <section name="Fixed in Apache Tomcat 6.0.SVN"> + <section name="Fixed in Apache Tomcat 6.0.18"> + <p><strong>low: Cross-site scripting</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232"> + CVE-2008-1232</a></p> + + <p>The message argument of HttpServletResponse.sendError() call is not only + displayed on the error page, but is also used for the reason-phrase of + HTTP response. This may include characters that are illegal in HTTP + headers. It is possible for a specially crafted message to result in + arbitrary content being injected into the HTTP response. For a successful + XSS attack, unfiltered user supplied data must be included in the message + argument.</p> + + <p>Affects: 6.0.0-6.0.16</p> + <p><strong>low: Cross-site scripting</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947"> CVE-2008-1947</a></p> @@ -34,8 +48,21 @@ have been completed.</p> <p>Affects: 6.0.0-6.0.16</p> + + <p><strong>important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370"> + CVE-2008-2370</a></p> + + <p>When using a RequestDispatcher the target path was normalised before the + query string was removed. A request that included a specially crafted + request parameter could be used to access content that would otherwise be + protected by a security constraint or by locating it in under the WEB-INF + directory.</p> + + <p>Affects: 6.0.0-6.0.16</p> </section> + <section name="Fixed in Apache Tomcat 6.0.16"> <p><strong>low: Session hi-jacking</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333"> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]