Modified: tomcat/site/trunk/docs/resources.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/resources.html?rev=1873980&r1=1873979&r2=1873980&view=diff ============================================================================== --- tomcat/site/trunk/docs/resources.html (original) +++ tomcat/site/trunk/docs/resources.html Thu Feb 13 15:24:17 2020 @@ -1,376 +1,100 @@ <!DOCTYPE html SYSTEM "about:legacy-compat"> -<html lang="en"> - <head> - <META http-equiv="Content-Type" content="text/html; charset=UTF-8"> - <meta name="viewport" content="width=device-width, initial-scale=1"> - <link href="res/css/tomcat.css" rel="stylesheet" type="text/css"> - <link href="res/css/fonts/fonts.css" rel="stylesheet" type="text/css"> - <title>Apache Tomcat® - Resources</title> - <meta name="author" content="Remy Maucherat"> - </head> - <body> - <div id="wrapper"> - <header id="header"> - <div class="clearfix"> - <div class="menu-toggler pull-left" tabindex="1"> - <div class="hamburger"></div> - </div> - <a href="http://tomcat.apache.org/";><img class="tomcat-logo pull-left noPrint" alt="Tomcat Home" src="res/images/tomcat.png"></a> - <h1 class="pull-left"> - Apache Tomcat<sup>®</sup> - </h1> - <div class="asf-logos pull-right"> - <a href="https://www.apache.org/foundation/contributing.html"; target="_blank" class="pull-left"><img src="https://www.apache.org/images/SupportApache-small.png"; class="support-asf" alt="Support Apache"></a><a href="http://www.apache.org/"; target="_blank" class="pull-left"><img src="res/images/asf_logo.svg" class="asf-logo" alt="The Apache Software Foundation"></a> - </div> - </div> - </header> - <main id="middle"> - <div> - <div id="mainLeft"> - <div id="nav-wrapper"> - <form action="https://www.google.com/search"; method="get"> - <div class="searchbox"> - <input value="tomcat.apache.org" name="sitesearch" type="hidden"><input aria-label="Search text" placeholder="Search…" required="required" name="q" id="query" type="search"><button>GO</button> - </div> - </form> - <div class="asfevents"> - <a href="https://www.apache.org/events/current-event.html";><img src="https://www.apache.org/events/current-event-234x60.png"; alt="Next ASF event"> - <br> - Save the date! - </a> - </div> - <nav> - <div> - <h2>Apache Tomcat</h2> - <ul> - <li> - <a href="./index.html">Home</a> - </li> - <li> - <a href="./taglibs.html">Taglibs</a> - </li> - <li> - <a href="./maven-plugin.html">Maven Plugin</a> - </li> - </ul> - </div> - <div> - <h2>Download</h2> - <ul> - <li> - <a href="./whichversion.html">Which version?</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-90.cgi";>Tomcat 9</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-80.cgi";>Tomcat 8</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-70.cgi";>Tomcat 7</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-connectors.cgi";>Tomcat Connectors</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-native.cgi";>Tomcat Native</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-taglibs.cgi";>Taglibs</a> - </li> - <li> - <a href="https://archive.apache.org/dist/tomcat/";>Archives</a> - </li> - </ul> - </div> - <div> - <h2>Documentation</h2> - <ul> - <li> - <a href="./tomcat-9.0-doc/index.html">Tomcat 9.0</a> - </li> - <li> - <a href="./tomcat-8.5-doc/index.html">Tomcat 8.5</a> - </li> - <li> - <a href="./tomcat-7.0-doc/index.html">Tomcat 7.0</a> - </li> - <li> - <a href="./connectors-doc/">Tomcat Connectors</a> - </li> - <li> - <a href="./native-doc/">Tomcat Native</a> - </li> - <li> - <a href="https://cwiki.apache.org/confluence/display/TOMCAT";>Wiki</a> - </li> - <li> - <a href="./migration.html">Migration Guide</a> - </li> - <li> - <a href="./presentations.html">Presentations</a> - </li> - </ul> - </div> - <div> - <h2>Problems?</h2> - <ul> - <li> - <a href="./security.html">Security Reports</a> - </li> - <li> - <a href="./findhelp.html">Find help</a> - </li> - <li> - <a href="https://cwiki.apache.org/confluence/display/TOMCAT/FAQ";>FAQ</a> - </li> - <li> - <a href="./lists.html">Mailing Lists</a> - </li> - <li> - <a href="./bugreport.html">Bug Database</a> - </li> - <li> - <a href="./irc.html">IRC</a> - </li> - </ul> - </div> - <div> - <h2>Get Involved</h2> - <ul> - <li> - <a href="./getinvolved.html">Overview</a> - </li> - <li> - <a href="./source.html">Source code</a> - </li> - <li> - <a href="./ci.html">Buildbot</a> - </li> - <li> - <a href="https://cwiki.apache.org/confluence/x/vIPzBQ";>Translations</a> - </li> - <li> - <a href="./tools.html">Tools</a> - </li> - </ul> - </div> - <div> - <h2>Media</h2> - <ul> - <li> - <a href="https://twitter.com/theapachetomcat";>Twitter</a> - </li> - <li> - <a href="https://www.youtube.com/c/ApacheTomcatOfficial";>YouTube</a> - </li> - <li> - <a href="https://blogs.apache.org/tomcat/";>Blog</a> - </li> - </ul> - </div> - <div> - <h2>Misc</h2> - <ul> - <li> - <a href="./whoweare.html">Who We Are</a> - </li> - <li> - <a href="https://www.redbubble.com/people/comdev/works/30885254-apache-tomcat";>Swag</a> - </li> - <li> - <a href="./heritage.html">Heritage</a> - </li> - <li> - <a href="http://www.apache.org";>Apache Home</a> - </li> - <li> - <a href="./resources.html">Resources</a> - </li> - <li> - <a href="./contact.html">Contact</a> - </li> - <li> - <a href="./legal.html">Legal</a> - </li> - <li> - <a href="https://www.apache.org/foundation/contributing.html";>Support Apache</a> - </li> - <li> - <a href="https://www.apache.org/foundation/sponsorship.html";>Sponsorship</a> - </li> - <li> - <a href="http://www.apache.org/foundation/thanks.html";>Thanks</a> - </li> - <li> - <a href="http://www.apache.org/licenses/";>License</a> - </li> - </ul> - </div> - </nav> - </div> - </div> - <div id="mainRight"> - <div id="content"> - <h2 style="display: none;">Content</h2> - <h3 id="Third_party_tools_and_add-ons">Third party tools and add-ons</h3> - <div class="text"> - - <p> - A <a href="https://cwiki.apache.org/confluence/display/TOMCAT/AddOns";>list +<html lang="en"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link href="res/css/tomcat.css" rel="stylesheet" type="text/css"><link href="res/css/fonts/fonts.css" rel="stylesheet" type="text/css"><title>Apache Tomcat® - Resources</title><meta name="author" content="Remy Maucherat"></head><body><div id="wrapper"><header id="header"><div class="clearfix"><div class="menu-toggler pull-left" tabindex="1"><div class="hamburger"></div></div><a href="http://tomcat.apache.org/";><img class="tomcat-logo pull-left noPrint" alt="Tomcat Home" src="res/images/tomcat.png"></a><h1 class="pull-left">Apache Tomcat<sup>®</sup></h1><div class="asf-logos pull-right"><a href="https://www.apache.org/foundation/contributing.html"; target="_blank" class="pull-left"><img src="https://www.apache.org/images/SupportApache-small.png"; class="support-asf" alt="Support Apache"></a><a href="http://www.apache.org/"; target="_blank" class="pull-left"><img src="res/images/asf_logo.svg" class="asf-logo" alt="The Apache Software Foundation"></a></div></div></header><main id="middle"><div><div id="mainLeft"><div id="nav-wrapper"><form action="https://www.google.com/search"; method="get"><div class="searchbox"><input value="tomcat.apache.org" name="sitesearch" type="hidden"><input aria-label="Search text" placeholder="Search…" required="required" name="q" id="query" type="search"><button>GO</button></div></form><div class="asfevents"><a href="https://www.apache.org/events/current-event.html";><img src="https://www.apache.org/events/current-event-234x60.png"; alt="Next ASF event"><br> + Save the date! + </a></div><nav><div><h2>Apache Tomcat</h2><ul><li><a href="./index.html">Home</a></li><li><a href="./taglibs.html">Taglibs</a></li><li><a href="./maven-plugin.html">Maven Plugin</a></li></ul></div><div><h2>Download</h2><ul><li><a href="./whichversion.html">Which version?</a></li><li><a href="https://tomcat.apache.org/download-90.cgi";>Tomcat 9</a></li><li><a href="https://tomcat.apache.org/download-80.cgi";>Tomcat 8</a></li><li><a href="https://tomcat.apache.org/download-70.cgi";>Tomcat 7</a></li><li><a href="https://tomcat.apache.org/download-connectors.cgi";>Tomcat Connectors</a></li><li><a href="https://tomcat.apache.org/download-native.cgi";>Tomcat Native</a></li><li><a href="https://tomcat.apache.org/download-taglibs.cgi";>Taglibs</a></li><li><a href="https://archive.apache.org/dist/tomcat/";>Archives</a></li></ul></div><div><h2>Documentation</h2><ul><li><a href="./tomcat-9.0-doc/index.html">Tomcat 9.0</a></li><li><a href="./tomcat-8.5-doc/index.html">Tomcat 8.5</a></li><l i><a href="./tomcat-7.0-doc/index.html">Tomcat 7.0</a></li><li><a href="./connectors-doc/">Tomcat Connectors</a></li><li><a href="./native-doc/">Tomcat Native</a></li><li><a href="https://cwiki.apache.org/confluence/display/TOMCAT";>Wiki</a></li><li><a href="./migration.html">Migration Guide</a></li><li><a href="./presentations.html">Presentations</a></li></ul></div><div><h2>Problems?</h2><ul><li><a href="./security.html">Security Reports</a></li><li><a href="./findhelp.html">Find help</a></li><li><a href="https://cwiki.apache.org/confluence/display/TOMCAT/FAQ";>FAQ</a></li><li><a href="./lists.html">Mailing Lists</a></li><li><a href="./bugreport.html">Bug Database</a></li><li><a href="./irc.html">IRC</a></li></ul></div><div><h2>Get Involved</h2><ul><li><a href="./getinvolved.html">Overview</a></li><li><a href="./source.html">Source code</a></li><li><a href="./ci.html">Buildbot</a></li><li><a href="https://cwiki.apache.org/confluence/x/vIPzBQ";>Translations</a></li><li><a href="./tools .html">Tools</a></li></ul></div><div><h2>Media</h2><ul><li><a href="https://twitter.com/theapachetomcat";>Twitter</a></li><li><a href="https://www.youtube.com/c/ApacheTomcatOfficial";>YouTube</a></li><li><a href="https://blogs.apache.org/tomcat/";>Blog</a></li></ul></div><div><h2>Misc</h2><ul><li><a href="./whoweare.html">Who We Are</a></li><li><a href="https://www.redbubble.com/people/comdev/works/30885254-apache-tomcat";>Swag</a></li><li><a href="./heritage.html">Heritage</a></li><li><a href="http://www.apache.org";>Apache Home</a></li><li><a href="./resources.html">Resources</a></li><li><a href="./contact.html">Contact</a></li><li><a href="./legal.html">Legal</a></li><li><a href="https://www.apache.org/foundation/contributing.html";>Support Apache</a></li><li><a href="https://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li><li><a href="http://www.apache.org/foundation/thanks.html";>Thanks</a></li><li><a href="http://www.apache.org/licenses/";>License</a></li></ul></div></ nav></div></div><div id="mainRight"><div id="content"><h2 style="display: none;">Content</h2><h3 id="Third_party_tools_and_add-ons">Third party tools and add-ons</h3><div class="text"> + + <p>A <a href="https://cwiki.apache.org/confluence/display/TOMCAT/AddOns";>list of third party tools and add-ons</a> (most of them free) is maintained on the <a href="https://cwiki.apache.org/confluence/display/TOMCAT";>Apache Tomcat wiki</a>. Please note that the Apache Tomcat project doesn't endorse any of the products listed. If you use or develop a tool or add-on for Apache Tomcat - please feel free to add it to the list on the wiki. - </p> - - </div> - <h3 id="Articles">Articles</h3> - <div class="text"> - - <ul> - - <li> - <b><a href="articles/benchmark_summary.pdf">So Much Static</a></b>, a + please feel free to add it to the list on the wiki.</p> + +</div><h3 id="Articles">Articles</h3><div class="text"> + + <ul> + <li> + <b><a href="articles/benchmark_summary.pdf">So Much Static</a></b>, a traffic and performance benchmark analysis by Peter Lin. - - </li> - - <li> - There are many documents explaining how to connect various versions of + </li> + <li> + There are many documents explaining how to connect various versions of Apache Web Server (httpd) or Microsoft IIS and Apache Tomcat. Some of these documents are more up to date than others. Links to some of the more useful documents are listed on the Apache Tomcat wiki's <a href="https://cwiki.apache.org/confluence/display/TOMCAT/UsefulLinks";>useful links</a> page. - - </li> - - <li> - <b><a href="articles/performance.pdf">Tomcat Performance</a></b>, + </li> + <li> + <b><a href="articles/performance.pdf">Tomcat Performance</a></b>, by Peter Lin - - </li> - - </ul> - - </div> - <h3 id="Books">Books</h3> - <div class="text"> - - <p>The Apache Tomcat project doesn't endorse any of the books mentioned + </li> + </ul> + +</div><h3 id="Books">Books</h3><div class="text"> + + <p>The Apache Tomcat project doesn't endorse any of the books mentioned here. They are mentioned just because they are Tomcat centric and may be useful references. The books are listed by descending publication date.</p> - - <p>Tomcat committers' names are indicated in bold.</p> - - <ul> - - <li> - <b><a href="http://www.packtpub.com/apache-tomcat-7-essentials-building-middleware-servers/book?utm_source=tomcat.apache.org&utm_medium=link&utm_content=pod&utm_campaign=mdb_002136"; rel="nofollow">Apache Tomcat 7 Essentials</a></b>, by Tanuj Khare - <br> - <i>Packt Publishing (03/2012)</i> - - </li> - - <li> - <b><a href="http://www.packtpub.com/tomcat-6-developers-guide/book?utm_source=tomcat.apache.org&utm_medium=link&utm_content=pod&utm_campaign=mdb_002136"; rel="nofollow">Tomcat 6 Developer's Guide</a></b>, by Damodar Chetty - <br> - <i>Packt Publishing (12/2009)</i> - - </li> - - <li> - <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/0596003188/qid=1043089531/sr=1-6/ref=sr_1_6/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Tomcat: The Definitive Guide (2nd ed.)</a></b>, by Jason Brittain, <b>Ian F. Darwin</b> - <br> - <i>O'Reilly & Associates (10/2007)</i> - - </li> - - <li> - <b><a href="http://www.brainysoftware.com/"; rel="nofollow">How Tomcat Works</a></b>, by Budi Kurniawan - <br> - <i>? (09/2003)</i> - - </li> - - <li> - <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/0764526065/qid=1043089531/sr=1-9/ref=sr_1_9/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Apache Tomcat Bible</a></b>, by Jon Eaves, Warner Godfrey, Rupert Jones - <br> - <i>Hungry Minds, Inc (06/2003)</i> - - </li> - - <li> - <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/1861008309/qid=1043089531/sr=1-8/ref=sr_1_8/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Apache Tomcat Security Handbook</a></b>, by Vivek Chopra, Ben Galbriaths, Gotham Pollysetty, Brian Rickabaugh, <b>John Turner</b> - <br> - <i>Wrox Press (02/2003)</i> - - </li> - - <li> - <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/0672324393/qid=1043089531/sr=1-5/ref=sr_1_5/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Tomcat Kick Start</a></b>, by Martin Bond, Debbie Law - <br> - <i>Sams (11/2002)</i> - - </li> - - <li> - <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/0471237647/qid=1043089531/sr=1-1/ref=sr_1_1/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Mastering Tomcat Development</a></b>, by Peter Harrison, Ian McFarland - <br> - <i>John Wiley & Sons (10/2002)</i> - - </li> - - <li> - <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/1861007736/ref=pd_sbs_b_1/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Professional Apache Tomcat</a></b>, by Chanoch Wiggers, Ben Galbraith, Vivek Chopra, Sing Li, Debashish Bhattacharjee, Amit Bakore, Romin Irani, Sandip Bhattacharya, Chad Fowler - <br> - <i>Wrox Press (09/2002)</i> - - </li> - - <li> - <b><a href="http://www.amazon.com/Professional-Apache-Tomcat-WROX-Guides/dp/0471753610"; rel="nofollow">Professional Apache Tomcat 6</a></b>, by by Vivek Chopra, Sing Li, Jeff Genender. - - <br> - <i>Wrox Press (August 2007)</i> - - <br> - ISBN: 0471753610 - - </li> - - <li> - <b><a href="http://tomcatbook.sourceforge.net/"; rel="nofollow">Tomcat Book Project</a></b> - - </li> - - <li> - <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/1893115364/qid=1043089531/sr=1-4/ref=sr_1_4/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Apache Jakarta-Tomcat</a></b>, by James Goodwill - <br> - <i>APress (12/2001)</i> - - </li> - - </ul> - - </div> - </div> - </div> - </div> - </main> - <footer id="footer"> - Copyright © 1999-2020, The Apache Software Foundation - - <br> - Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat + + <p>Tomcat committers' names are indicated in bold.</p> + + <ul> + <li> + <b><a href="http://www.packtpub.com/apache-tomcat-7-essentials-building-middleware-servers/book?utm_source=tomcat.apache.org&utm_medium=link&utm_content=pod&utm_campaign=mdb_002136"; rel="nofollow">Apache Tomcat 7 Essentials</a></b>, by Tanuj Khare<br> + <i>Packt Publishing (03/2012)</i> + </li> + <li> + <b><a href="http://www.packtpub.com/tomcat-6-developers-guide/book?utm_source=tomcat.apache.org&utm_medium=link&utm_content=pod&utm_campaign=mdb_002136"; rel="nofollow">Tomcat 6 Developer's Guide</a></b>, by Damodar Chetty<br> + <i>Packt Publishing (12/2009)</i> + </li> + <li> + <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/0596003188/qid=1043089531/sr=1-6/ref=sr_1_6/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Tomcat: The Definitive Guide (2nd ed.)</a></b>, by Jason Brittain, <b>Ian F. Darwin</b><br> + <i>O'Reilly & Associates (10/2007)</i> + </li> + <li> + <b><a href="http://www.brainysoftware.com/"; rel="nofollow">How Tomcat Works</a></b>, by Budi Kurniawan<br> + <i>? (09/2003)</i> + </li> + <li> + <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/0764526065/qid=1043089531/sr=1-9/ref=sr_1_9/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Apache Tomcat Bible</a></b>, by Jon Eaves, Warner Godfrey, Rupert Jones<br> + <i>Hungry Minds, Inc (06/2003)</i> + </li> + <li> + <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/1861008309/qid=1043089531/sr=1-8/ref=sr_1_8/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Apache Tomcat Security Handbook</a></b>, by Vivek Chopra, Ben Galbriaths, Gotham Pollysetty, Brian Rickabaugh, <b>John Turner</b><br> + <i>Wrox Press (02/2003)</i> + </li> + <li> + <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/0672324393/qid=1043089531/sr=1-5/ref=sr_1_5/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Tomcat Kick Start</a></b>, by Martin Bond, Debbie Law<br> + <i>Sams (11/2002)</i> + </li> + <li> + <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/0471237647/qid=1043089531/sr=1-1/ref=sr_1_1/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Mastering Tomcat Development</a></b>, by Peter Harrison, Ian McFarland<br> + <i>John Wiley & Sons (10/2002)</i> + </li> + <li> + <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/1861007736/ref=pd_sbs_b_1/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Professional Apache Tomcat</a></b>, by Chanoch Wiggers, Ben Galbraith, Vivek Chopra, Sing Li, Debashish Bhattacharjee, Amit Bakore, Romin Irani, Sandip Bhattacharya, Chad Fowler<br> + <i>Wrox Press (09/2002)</i> + </li> + <li> + <b><a href="http://www.amazon.com/Professional-Apache-Tomcat-WROX-Guides/dp/0471753610"; rel="nofollow">Professional Apache Tomcat 6</a></b>, by by Vivek Chopra, Sing Li, Jeff Genender. + <br><i>Wrox Press (August 2007)</i> + <br>ISBN: 0471753610 + </li> + <li> + <b><a href="http://tomcatbook.sourceforge.net/"; rel="nofollow">Tomcat Book Project</a></b> + </li> + <li> + <b><a href="http://www.amazon.com/exec/obidos/tg/detail/-/1893115364/qid=1043089531/sr=1-4/ref=sr_1_4/002-9433156-6683214?v=glance&s=books"; rel="nofollow">Apache Jakarta-Tomcat</a></b>, by James Goodwill<br> + <i>APress (12/2001)</i> + </li> + </ul> + +</div></div></div></div></main><footer id="footer"> + Copyright © 1999-2020, The Apache Software Foundation + <br> + Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are either registered trademarks or trademarks of the Apache Software Foundation. - - </footer> - </div> - <script src="res/js/tomcat.js"></script> - </body> -</html> + </footer></div><script src="res/js/tomcat.js"></script></body></html> \ No newline at end of file
Modified: tomcat/site/trunk/docs/security-3.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?rev=1873980&r1=1873979&r2=1873980&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-3.html (original) +++ tomcat/site/trunk/docs/security-3.html Thu Feb 13 15:24:17 2020 @@ -1,508 +1,174 @@ <!DOCTYPE html SYSTEM "about:legacy-compat"> -<html lang="en"> - <head> - <META http-equiv="Content-Type" content="text/html; charset=UTF-8"> - <meta name="viewport" content="width=device-width, initial-scale=1"> - <link href="res/css/tomcat.css" rel="stylesheet" type="text/css"> - <link href="res/css/fonts/fonts.css" rel="stylesheet" type="text/css"> - <title>Apache Tomcat® - Apache Tomcat 3.x vulnerabilities</title> - <meta name="author" content="Apache Tomcat Project"> - </head> - <body> - <div id="wrapper"> - <header id="header"> - <div class="clearfix"> - <div class="menu-toggler pull-left" tabindex="1"> - <div class="hamburger"></div> - </div> - <a href="http://tomcat.apache.org/";><img class="tomcat-logo pull-left noPrint" alt="Tomcat Home" src="res/images/tomcat.png"></a> - <h1 class="pull-left"> - Apache Tomcat<sup>®</sup> - </h1> - <div class="asf-logos pull-right"> - <a href="https://www.apache.org/foundation/contributing.html"; target="_blank" class="pull-left"><img src="https://www.apache.org/images/SupportApache-small.png"; class="support-asf" alt="Support Apache"></a><a href="http://www.apache.org/"; target="_blank" class="pull-left"><img src="res/images/asf_logo.svg" class="asf-logo" alt="The Apache Software Foundation"></a> - </div> - </div> - </header> - <main id="middle"> - <div> - <div id="mainLeft"> - <div id="nav-wrapper"> - <form action="https://www.google.com/search"; method="get"> - <div class="searchbox"> - <input value="tomcat.apache.org" name="sitesearch" type="hidden"><input aria-label="Search text" placeholder="Search…" required="required" name="q" id="query" type="search"><button>GO</button> - </div> - </form> - <div class="asfevents"> - <a href="https://www.apache.org/events/current-event.html";><img src="https://www.apache.org/events/current-event-234x60.png"; alt="Next ASF event"> - <br> - Save the date! - </a> - </div> - <nav> - <div> - <h2>Apache Tomcat</h2> - <ul> - <li> - <a href="./index.html">Home</a> - </li> - <li> - <a href="./taglibs.html">Taglibs</a> - </li> - <li> - <a href="./maven-plugin.html">Maven Plugin</a> - </li> - </ul> - </div> - <div> - <h2>Download</h2> - <ul> - <li> - <a href="./whichversion.html">Which version?</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-90.cgi";>Tomcat 9</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-80.cgi";>Tomcat 8</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-70.cgi";>Tomcat 7</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-connectors.cgi";>Tomcat Connectors</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-native.cgi";>Tomcat Native</a> - </li> - <li> - <a href="https://tomcat.apache.org/download-taglibs.cgi";>Taglibs</a> - </li> - <li> - <a href="https://archive.apache.org/dist/tomcat/";>Archives</a> - </li> - </ul> - </div> - <div> - <h2>Documentation</h2> - <ul> - <li> - <a href="./tomcat-9.0-doc/index.html">Tomcat 9.0</a> - </li> - <li> - <a href="./tomcat-8.5-doc/index.html">Tomcat 8.5</a> - </li> - <li> - <a href="./tomcat-7.0-doc/index.html">Tomcat 7.0</a> - </li> - <li> - <a href="./connectors-doc/">Tomcat Connectors</a> - </li> - <li> - <a href="./native-doc/">Tomcat Native</a> - </li> - <li> - <a href="https://cwiki.apache.org/confluence/display/TOMCAT";>Wiki</a> - </li> - <li> - <a href="./migration.html">Migration Guide</a> - </li> - <li> - <a href="./presentations.html">Presentations</a> - </li> - </ul> - </div> - <div> - <h2>Problems?</h2> - <ul> - <li> - <a href="./security.html">Security Reports</a> - </li> - <li> - <a href="./findhelp.html">Find help</a> - </li> - <li> - <a href="https://cwiki.apache.org/confluence/display/TOMCAT/FAQ";>FAQ</a> - </li> - <li> - <a href="./lists.html">Mailing Lists</a> - </li> - <li> - <a href="./bugreport.html">Bug Database</a> - </li> - <li> - <a href="./irc.html">IRC</a> - </li> - </ul> - </div> - <div> - <h2>Get Involved</h2> - <ul> - <li> - <a href="./getinvolved.html">Overview</a> - </li> - <li> - <a href="./source.html">Source code</a> - </li> - <li> - <a href="./ci.html">Buildbot</a> - </li> - <li> - <a href="https://cwiki.apache.org/confluence/x/vIPzBQ";>Translations</a> - </li> - <li> - <a href="./tools.html">Tools</a> - </li> - </ul> - </div> - <div> - <h2>Media</h2> - <ul> - <li> - <a href="https://twitter.com/theapachetomcat";>Twitter</a> - </li> - <li> - <a href="https://www.youtube.com/c/ApacheTomcatOfficial";>YouTube</a> - </li> - <li> - <a href="https://blogs.apache.org/tomcat/";>Blog</a> - </li> - </ul> - </div> - <div> - <h2>Misc</h2> - <ul> - <li> - <a href="./whoweare.html">Who We Are</a> - </li> - <li> - <a href="https://www.redbubble.com/people/comdev/works/30885254-apache-tomcat";>Swag</a> - </li> - <li> - <a href="./heritage.html">Heritage</a> - </li> - <li> - <a href="http://www.apache.org";>Apache Home</a> - </li> - <li> - <a href="./resources.html">Resources</a> - </li> - <li> - <a href="./contact.html">Contact</a> - </li> - <li> - <a href="./legal.html">Legal</a> - </li> - <li> - <a href="https://www.apache.org/foundation/contributing.html";>Support Apache</a> - </li> - <li> - <a href="https://www.apache.org/foundation/sponsorship.html";>Sponsorship</a> - </li> - <li> - <a href="http://www.apache.org/foundation/thanks.html";>Thanks</a> - </li> - <li> - <a href="http://www.apache.org/licenses/";>License</a> - </li> - </ul> - </div> - </nav> - </div> - </div> - <div id="mainRight"> - <div id="content"> - <h2 style="display: none;">Content</h2> - <h3 id="Table_of_Contents">Table of Contents</h3> - <div class="text"> - - <ul> - <li> - <a href="#Apache_Tomcat_3.x_vulnerabilities">Apache Tomcat 3.x vulnerabilities</a> - </li> - <li> - <a href="#Not_fixed_in_Apache_Tomcat_3.x">Not fixed in Apache Tomcat 3.x</a> - </li> - <li> - <a href="#Fixed_in_Apache_Tomcat_3.3.2">Fixed in Apache Tomcat 3.3.2</a> - </li> - <li> - <a href="#Fixed_in_Apache_Tomcat_3.3.1a">Fixed in Apache Tomcat 3.3.1a</a> - </li> - <li> - <a href="#Fixed_in_Apache_Tomcat_3.3.1">Fixed in Apache Tomcat 3.3.1</a> - </li> - <li> - <a href="#Fixed_in_Apache_Tomcat_3.3a">Fixed in Apache Tomcat 3.3a</a> - </li> - <li> - <a href="#Fixed_in_Apache_Tomcat_3.2.4">Fixed in Apache Tomcat 3.2.4</a> - </li> - <li> - <a href="#Fixed_in_Apache_Tomcat_3.2.2">Fixed in Apache Tomcat 3.2.2</a> - </li> - <li> - <a href="#Fixed_in_Apache_Tomcat_3.2">Fixed in Apache Tomcat 3.2</a> - </li> - <li> - <a href="#Fixed_in_Apache_Tomcat_3.1">Fixed in Apache Tomcat 3.1</a> - </li> - </ul> - - </div> - <h3 id="Apache_Tomcat_3.x_vulnerabilities">Apache Tomcat 3.x vulnerabilities</h3> - <div class="text"> - - <p> - This page lists all security vulnerabilities fixed in released versions +<html lang="en"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link href="res/css/tomcat.css" rel="stylesheet" type="text/css"><link href="res/css/fonts/fonts.css" rel="stylesheet" type="text/css"><title>Apache Tomcat® - Apache Tomcat 3.x vulnerabilities</title><meta name="author" content="Apache Tomcat Project"></head><body><div id="wrapper"><header id="header"><div class="clearfix"><div class="menu-toggler pull-left" tabindex="1"><div class="hamburger"></div></div><a href="http://tomcat.apache.org/";><img class="tomcat-logo pull-left noPrint" alt="Tomcat Home" src="res/images/tomcat.png"></a><h1 class="pull-left">Apache Tomcat<sup>®</sup></h1><div class="asf-logos pull-right"><a href="https://www.apache.org/foundation/contributing.html"; target="_blank" class="pull-left"><img src="https://www.apache.org/images/SupportApache-small.png"; class="support-asf" alt="Support Apache"></a><a href="http://www.apache.org/"; target="_blank" class="pull-left"><img src="res/images/asf_logo.svg" class="asf-logo" alt="The Apache Software Foundation"></a></div></div></header><main id="middle"><div><div id="mainLeft"><div id="nav-wrapper"><form action="https://www.google.com/search"; method="get"><div class="searchbox"><input value="tomcat.apache.org" name="sitesearch" type="hidden"><input aria-label="Search text" placeholder="Search…" required="required" name="q" id="query" type="search"><button>GO</button></div></form><div class="asfevents"><a href="https://www.apache.org/events/current-event.html";><img src="https://www.apache.org/events/current-event-234x60.png"; alt="Next ASF event"><br> + Save the date! + </a></div><nav><div><h2>Apache Tomcat</h2><ul><li><a href="./index.html">Home</a></li><li><a href="./taglibs.html">Taglibs</a></li><li><a href="./maven-plugin.html">Maven Plugin</a></li></ul></div><div><h2>Download</h2><ul><li><a href="./whichversion.html">Which version?</a></li><li><a href="https://tomcat.apache.org/download-90.cgi";>Tomcat 9</a></li><li><a href="https://tomcat.apache.org/download-80.cgi";>Tomcat 8</a></li><li><a href="https://tomcat.apache.org/download-70.cgi";>Tomcat 7</a></li><li><a href="https://tomcat.apache.org/download-connectors.cgi";>Tomcat Connectors</a></li><li><a href="https://tomcat.apache.org/download-native.cgi";>Tomcat Native</a></li><li><a href="https://tomcat.apache.org/download-taglibs.cgi";>Taglibs</a></li><li><a href="https://archive.apache.org/dist/tomcat/";>Archives</a></li></ul></div><div><h2>Documentation</h2><ul><li><a href="./tomcat-9.0-doc/index.html">Tomcat 9.0</a></li><li><a href="./tomcat-8.5-doc/index.html">Tomcat 8.5</a></li><l i><a href="./tomcat-7.0-doc/index.html">Tomcat 7.0</a></li><li><a href="./connectors-doc/">Tomcat Connectors</a></li><li><a href="./native-doc/">Tomcat Native</a></li><li><a href="https://cwiki.apache.org/confluence/display/TOMCAT";>Wiki</a></li><li><a href="./migration.html">Migration Guide</a></li><li><a href="./presentations.html">Presentations</a></li></ul></div><div><h2>Problems?</h2><ul><li><a href="./security.html">Security Reports</a></li><li><a href="./findhelp.html">Find help</a></li><li><a href="https://cwiki.apache.org/confluence/display/TOMCAT/FAQ";>FAQ</a></li><li><a href="./lists.html">Mailing Lists</a></li><li><a href="./bugreport.html">Bug Database</a></li><li><a href="./irc.html">IRC</a></li></ul></div><div><h2>Get Involved</h2><ul><li><a href="./getinvolved.html">Overview</a></li><li><a href="./source.html">Source code</a></li><li><a href="./ci.html">Buildbot</a></li><li><a href="https://cwiki.apache.org/confluence/x/vIPzBQ";>Translations</a></li><li><a href="./tools .html">Tools</a></li></ul></div><div><h2>Media</h2><ul><li><a href="https://twitter.com/theapachetomcat";>Twitter</a></li><li><a href="https://www.youtube.com/c/ApacheTomcatOfficial";>YouTube</a></li><li><a href="https://blogs.apache.org/tomcat/";>Blog</a></li></ul></div><div><h2>Misc</h2><ul><li><a href="./whoweare.html">Who We Are</a></li><li><a href="https://www.redbubble.com/people/comdev/works/30885254-apache-tomcat";>Swag</a></li><li><a href="./heritage.html">Heritage</a></li><li><a href="http://www.apache.org";>Apache Home</a></li><li><a href="./resources.html">Resources</a></li><li><a href="./contact.html">Contact</a></li><li><a href="./legal.html">Legal</a></li><li><a href="https://www.apache.org/foundation/contributing.html";>Support Apache</a></li><li><a href="https://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li><li><a href="http://www.apache.org/foundation/thanks.html";>Thanks</a></li><li><a href="http://www.apache.org/licenses/";>License</a></li></ul></div></ nav></div></div><div id="mainRight"><div id="content"><h2 style="display: none;">Content</h2><h3 id="Table_of_Contents">Table of Contents</h3><div class="text"> +<ul><li><a href="#Apache_Tomcat_3.x_vulnerabilities">Apache Tomcat 3.x vulnerabilities</a></li><li><a href="#Not_fixed_in_Apache_Tomcat_3.x">Not fixed in Apache Tomcat 3.x</a></li><li><a href="#Fixed_in_Apache_Tomcat_3.3.2">Fixed in Apache Tomcat 3.3.2</a></li><li><a href="#Fixed_in_Apache_Tomcat_3.3.1a">Fixed in Apache Tomcat 3.3.1a</a></li><li><a href="#Fixed_in_Apache_Tomcat_3.3.1">Fixed in Apache Tomcat 3.3.1</a></li><li><a href="#Fixed_in_Apache_Tomcat_3.3a">Fixed in Apache Tomcat 3.3a</a></li><li><a href="#Fixed_in_Apache_Tomcat_3.2.4">Fixed in Apache Tomcat 3.2.4</a></li><li><a href="#Fixed_in_Apache_Tomcat_3.2.2">Fixed in Apache Tomcat 3.2.2</a></li><li><a href="#Fixed_in_Apache_Tomcat_3.2">Fixed in Apache Tomcat 3.2</a></li><li><a href="#Fixed_in_Apache_Tomcat_3.1">Fixed in Apache Tomcat 3.1</a></li></ul> +</div><h3 id="Apache_Tomcat_3.x_vulnerabilities">Apache Tomcat 3.x vulnerabilities</h3><div class="text"> + <p>This page lists all security vulnerabilities fixed in released versions of Apache Tomcat 3.x. Each vulnerability is given a <a href="security-impact.html">security impact rating</a> by the Apache Tomcat security team — please note that this rating may vary from platform to platform. We also list the versions of Apache Tomcat the flaw is known to affect, and where a flaw has not been verified list the - version with a question mark. - </p> - - <p>Please note that Tomcat 3 is no longer supported. Further vulnerabilities + version with a question mark.</p> + + <p>Please note that Tomcat 3 is no longer supported. Further vulnerabilities in the 3.x branches will not be fixed. Users should upgrade to 7.x or later to obtain security fixes.</p> - - <p> - Please send comments or corrections for these vulnerabilities to the - <a href="security.html">Tomcat Security Team</a>. - </p> - - </div> - <h3 id="Not_fixed_in_Apache_Tomcat_3.x">Not fixed in Apache Tomcat 3.x</h3> - <div class="text"> - - <p> - <strong>Important: Denial of service</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808"; rel="nofollow">CVE-2005-0808</a> - </p> - - <p>Tomcat 3.x can be remotely caused to crash or shutdown by a connection + + <p>Please send comments or corrections for these vulnerabilities to the + <a href="security.html">Tomcat Security Team</a>.</p> + + </div><h3 id="Not_fixed_in_Apache_Tomcat_3.x">Not fixed in Apache Tomcat 3.x</h3><div class="text"> + <p><strong>Important: Denial of service</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808"; rel="nofollow">CVE-2005-0808</a></p> + + <p>Tomcat 3.x can be remotely caused to crash or shutdown by a connection sending the right sequence of bytes to the AJP12 protocol port (TCP 8007 by default). Tomcat 3.x users are advised to ensure that this port is adequately firewalled to ensure it is not accessible to remote attackers. There are no plans to issue a an update to Tomcat 3.x for this issue.</p> - - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.2</p> - - <p> - <strong>Low: Session hi-jacking</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382"; rel="nofollow">CVE-2007-3382</a> - </p> - - <p>Tomcat incorrectly treated a single quote character (') in a cookie + + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.2</p> + + <p><strong>Low: Session hi-jacking</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382"; rel="nofollow">CVE-2007-3382</a></p> + + <p>Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this lead to the leaking of information such as session ID to an attacker.</p> - - <p>Affects: 3.3-3.3.2</p> - - <p> - <strong>Low: Cross site scripting</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3384"; rel="nofollow">CVE-2007-3384</a> - </p> - - <p> - When reporting error messages, Tomcat does not filter user supplied data + + <p>Affects: 3.3-3.3.2</p> + + <p><strong>Low: Cross site scripting</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3384"; rel="nofollow">CVE-2007-3384</a></p> + + <p>When reporting error messages, Tomcat does not filter user supplied data before display. This enables an XSS attack. A source patch is available from the <a href="https://archive.apache.org/dist/tomcat/tomcat-3/v3.3.2-patches/src/";> - archives</a>. - </p> - - <p>Affects: 3.3-3.3.2</p> - - <p> - <strong>Low: Session hi-jacking</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385"; rel="nofollow">CVE-2007-3385</a> - </p> - - <p>Tomcat incorrectly handled the character sequence \" in a cookie value. + archives</a>.</p> + + <p>Affects: 3.3-3.3.2</p> + + <p><strong>Low: Session hi-jacking</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385"; rel="nofollow">CVE-2007-3385</a></p> + + <p>Tomcat incorrectly handled the character sequence \" in a cookie value. In some circumstances this lead to the leaking of information such as session ID to an attacker.</p> - - <p>Affects: 3.3-3.3.2</p> - - </div> - <h3 id="Fixed_in_Apache_Tomcat_3.3.2">Fixed in Apache Tomcat 3.3.2</h3> - <div class="text"> - - <p> - <strong>Moderate: Cross site scripting</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0044"; rel="nofollow">CVE-2003-0044</a> - </p> - - <p>The root web application and the examples web application contained a + + <p>Affects: 3.3-3.3.2</p> + + </div><h3 id="Fixed_in_Apache_Tomcat_3.3.2">Fixed in Apache Tomcat 3.3.2</h3><div class="text"> + <p><strong>Moderate: Cross site scripting</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0044"; rel="nofollow">CVE-2003-0044</a></p> + + <p>The root web application and the examples web application contained a number a cross-site scripting vulnerabilities. Note that is it recommended that the examples web application is not installed on production servers.</p> - - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1a</p> - - </div> - <h3 id="Fixed_in_Apache_Tomcat_3.3.1a">Fixed in Apache Tomcat 3.3.1a</h3> - <div class="text"> - - <p> - <strong>Important: Information disclosure</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0043"; rel="nofollow">CVE-2003-0043</a> - </p> - - <p>When used with JDK 1.3.1 or earlier, web.xml files were read with + + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1a</p> + </div><h3 id="Fixed_in_Apache_Tomcat_3.3.1a">Fixed in Apache Tomcat 3.3.1a</h3><div class="text"> + <p><strong>Important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0043"; rel="nofollow">CVE-2003-0043</a></p> + + <p>When used with JDK 1.3.1 or earlier, web.xml files were read with trusted privileges enabling files outside of the web application to be read even when running under a security manager.</p> - - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p> - - <p> - <strong>Important: Information disclosure</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0042"; rel="nofollow">CVE-2003-0042</a> - </p> - - <p>URLs containing null characters could result in file contents being + + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p> + + <p><strong>Important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0042"; rel="nofollow">CVE-2003-0042</a></p> + + <p>URLs containing null characters could result in file contents being returned or a directory listing being returned even when a welcome file was defined.</p> - - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p> - - </div> - <h3 id="Fixed_in_Apache_Tomcat_3.3.1">Fixed in Apache Tomcat 3.3.1</h3> - <div class="text"> - - <p> - <strong>Important: Denial of service</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0045"; rel="nofollow">CVE-2003-0045</a> - </p> - - <p>JSP page names that match a Windows DOS device name, such as aux.jsp, may + + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p> + </div><h3 id="Fixed_in_Apache_Tomcat_3.3.1">Fixed in Apache Tomcat 3.3.1</h3><div class="text"> + <p><strong>Important: Denial of service</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0045"; rel="nofollow">CVE-2003-0045</a></p> + + <p>JSP page names that match a Windows DOS device name, such as aux.jsp, may cause the thread processing the request to become unresponsive. A sequence of such requests may cause all request processing threads, and hence Tomcat, to become unresponsive.</p> - - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a</p> - - </div> - <h3 id="Fixed_in_Apache_Tomcat_3.3a">Fixed in Apache Tomcat 3.3a</h3> - <div class="text"> - - <p> - <strong>Moderate: Information disclosure</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007"; rel="nofollow">CVE-2002-2007</a> - </p> - - <p>Non-standard requests to the sample applications installed by default + + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a</p> + </div><h3 id="Fixed_in_Apache_Tomcat_3.3a">Fixed in Apache Tomcat 3.3a</h3><div class="text"> + <p><strong>Moderate: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007"; rel="nofollow">CVE-2002-2007</a></p> + + <p>Non-standard requests to the sample applications installed by default could result in unexpected directory listings or disclosure of the full file system path for a JSP.</p> - - <p>Affects: 3.2.3-3.2.4</p> - - <p> - <strong>Low: Information disclosure</strong> + + <p>Affects: 3.2.3-3.2.4</p> + + <p><strong>Low: Information disclosure</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006"; rel="nofollow">CVE-2002-2006</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760"; rel="nofollow">CVE-2000-0760</a> - </p> - - <p>The snoop servlet installed as part of the examples includes output that + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760"; rel="nofollow">CVE-2000-0760</a></p> + + <p>The snoop servlet installed as part of the examples includes output that identifies the Tomcat installation path. There are no plans to issue a an update to Tomcat 3.x for this issue.</p> - - <p>Affects:3.1-3.1.1, 3.2-3.2.4</p> - - </div> - <h3 id="Fixed_in_Apache_Tomcat_3.2.4">Fixed in Apache Tomcat 3.2.4</h3> - <div class="text"> - - <p> - <strong>Moderate: Information disclosure</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1563"; rel="nofollow">CVE-2001-1563</a> - <br> - </p> - - <p>No specifics are provided in the vulnerability report. This may be a + + <p>Affects:3.1-3.1.1, 3.2-3.2.4</p> + </div><h3 id="Fixed_in_Apache_Tomcat_3.2.4">Fixed in Apache Tomcat 3.2.4</h3><div class="text"> + <p><strong>Moderate: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1563"; rel="nofollow">CVE-2001-1563</a><br></p> + + <p>No specifics are provided in the vulnerability report. This may be a summary of other issues reported against 3.2.x</p> - - <p>Affects: 3.2?, 3.2.1, 3.2.2-3.2.3?</p> - - </div> - <h3 id="Fixed_in_Apache_Tomcat_3.2.2">Fixed in Apache Tomcat 3.2.2</h3> - <div class="text"> - - <p> - <strong>Moderate: Cross site scripting</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0829"; rel="nofollow">CVE-2001-0829</a> - </p> - - <p>The default 404 error page does not escape URLs. This allows XSS + + <p>Affects: 3.2?, 3.2.1, 3.2.2-3.2.3?</p> + </div><h3 id="Fixed_in_Apache_Tomcat_3.2.2">Fixed in Apache Tomcat 3.2.2</h3><div class="text"> + <p><strong>Moderate: Cross site scripting</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0829"; rel="nofollow">CVE-2001-0829</a></p> + + <p>The default 404 error page does not escape URLs. This allows XSS attacks using specially crafted URLs.</p> - - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p> - - <p> - <strong>Moderate: Information disclosure</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590"; rel="nofollow">CVE-2001-0590</a> - </p> - - <p>A specially crafted URL can be used to obtain the source for JSPs.</p> - - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p> - - </div> - <h3 id="Fixed_in_Apache_Tomcat_3.2">Fixed in Apache Tomcat 3.2</h3> - <div class="text"> - - <p> - <strong>Low: Information disclosure</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0759"; rel="nofollow">CVE-2000-0759</a> - </p> - - <p>Requesting a JSP that does not exist results in an error page that + + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p> + + <p><strong>Moderate: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590"; rel="nofollow">CVE-2001-0590</a></p> + + <p>A specially crafted URL can be used to obtain the source for JSPs.</p> + + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p> + </div><h3 id="Fixed_in_Apache_Tomcat_3.2">Fixed in Apache Tomcat 3.2</h3><div class="text"> + <p><strong>Low: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0759"; rel="nofollow">CVE-2000-0759</a></p> + + <p>Requesting a JSP that does not exist results in an error page that includes the full file system page of the current context.</p> - - <p>Affects: 3.1</p> - - <p> - <strong>Important: Information disclosure</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0672"; rel="nofollow">CVE-2000-0672</a> - </p> - - <p>Access to the admin context is not protected. This context allows an + + <p>Affects: 3.1</p> + + <p><strong>Important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0672"; rel="nofollow">CVE-2000-0672</a></p> + + <p>Access to the admin context is not protected. This context allows an attacker to mount an arbitary file system path as a context. Any files accessible from this file sytem path to the account under which Tomcat is running are then visible to the attacker.</p> - - <p>Affects: 3.1</p> - - </div> - <h3 id="Fixed_in_Apache_Tomcat_3.1">Fixed in Apache Tomcat 3.1</h3> - <div class="text"> - - <p> - <strong>Important: Information disclosure</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210"; rel="nofollow">CVE-2000-1210</a> - </p> - - <p>source.jsp, provided as part of the examples, allows an attacker to read + + <p>Affects: 3.1</p> + </div><h3 id="Fixed_in_Apache_Tomcat_3.1">Fixed in Apache Tomcat 3.1</h3><div class="text"> + <p><strong>Important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210"; rel="nofollow">CVE-2000-1210</a></p> + + <p>source.jsp, provided as part of the examples, allows an attacker to read arbitrary files via a .. (dot dot) in the argument to source.jsp.</p> - - <p>Affects: 3.0</p> - - </div> - </div> - </div> - </div> - </main> - <footer id="footer"> - Copyright © 1999-2020, The Apache Software Foundation - - <br> - Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat + + <p>Affects: 3.0</p> + </div></div></div></div></main><footer id="footer"> + Copyright © 1999-2020, The Apache Software Foundation + <br> + Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are either registered trademarks or trademarks of the Apache Software Foundation. - - </footer> - </div> - <script src="res/js/tomcat.js"></script> - </body> -</html> + </footer></div><script src="res/js/tomcat.js"></script></body></html> \ No newline at end of file --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
![https://www.apache.org/images/SupportApache-small.png"](https://www.apache.org/images/SupportApache-small.png"){kind=link}
![https://www.apache.org/events/current-event-234x60.png"](https://www.apache.org/events/current-event-234x60.png"){kind=link}