tomcat-dev mailing list archives

From ma...@apache.org
Subject svn commit: r524636 - in /tomcat/site/trunk: docs/security-3.html xdocs/security-3.xml
Date Sun, 01 Apr 2007 17:18:08 GMT
Author: markt
Date: Sun Apr  1 10:18:07 2007
New Revision: 524636

URL: http://svn.apache.org/viewvc?view=rev&rev=524636
Log:
Better info on snoop servlet issues and change 3.3 to 3.3a

Modified:
    tomcat/site/trunk/docs/security-3.html
    tomcat/site/trunk/xdocs/security-3.xml

Modified: tomcat/site/trunk/docs/security-3.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=524636&r1=524635&r2=524636
==============================================================================
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Sun Apr  1 10:18:07 2007
@@ -233,19 +233,7 @@
        adequately firewalled to ensure it is not accessible to remote attackers.
        There are no plans to issue a an update to Tomcat 3.x for this issue.</p>
 
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2</p>
-
-    <p>
-<strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006">
-       CVE-2002-2006</a>
-</p>
-
-    <p>The snoop servlet installed as part of the examples includes output that
-       identifies the Tomcat installation path. There are no plans to issue a an
-       update to Tomcat 3.x for this issue.</p>
-
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2</p>
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.2</p>
   </blockquote>
 </p>
 </td>
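Review bot: The snoop servlet entry removed at the end of this hunk listed 3.3-3.3.2 as affected, while the copy re-added further down stops at 3.2.4, and neither the log message nor the text says what establishes that 3.3a onward is unaffected. Consider recording the basis for the narrower range in the commit log so readers of the advisory can verify it. The context line above the changed Affects line also still reads "issue a an update", which could be fixed while this paragraph is being touched.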
@@ -281,7 +269,7 @@
        recommended that the examples web application is not installed on
        production servers.</p>
 
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1a</p>
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1a</p>
   </blockquote>
 </p>
 </td>
@@ -316,7 +304,7 @@
        trusted privileges enabling files outside of the web application to be
        read even when running under a security manager.</p>
 
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1</p>
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p>
 
     <p>
 <strong>important: Information disclosure</strong>
@@ -328,7 +316,7 @@
        returned or a directory listing being returned even when a welcome file
        was defined.</p>
 
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1</p>
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p>
   </blockquote>
 </p>
 </td>
@@ -364,7 +352,7 @@
        sequence of such requests may cause all request processing threads, and
        hence Tomcat, to become unresponsive.</p>
 
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3</p>
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a</p>
   </blockquote>
 </p>
 </td>
@@ -379,8 +367,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 3.3">
-<strong>Fixed in Apache Tomcat 3.3</strong>
+<a name="Fixed in Apache Tomcat 3.3a">
+<strong>Fixed in Apache Tomcat 3.3a</strong>
 </a>
 </font>
 </td>
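Review bot: Renaming the anchor from `<a name="Fixed in Apache Tomcat 3.3">` to the 3.3a form changes the fragment identifier, so any existing link to the old fragment will no longer resolve to this section. If references to the old anchor matter, keep an additional `<a name>` carrying the old value alongside the new one.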
@@ -400,6 +388,20 @@
        file system path for a JSP.</p>
 
     <p>Affects: 3.2.3-3.2.4</p>
+
+    <p>
+<strong>low: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006">
+       CVE-2002-2006</a>,
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760">
+       CVE-2000-0760</a>
+</p>
+
+    <p>The snoop servlet installed as part of the examples includes output that
+       identifies the Tomcat installation path. There are no plans to issue a an
+       update to Tomcat 3.x for this issue.</p>
+
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4</p>
   </blockquote>
 </p>
 </td>
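Review bot: The added paragraph states "There are no plans to issue a an update to Tomcat 3.x for this issue", yet the entry is inserted after the "Affects: 3.2.3-3.2.4" item that the previous hunk places under the renamed "Fixed in Apache Tomcat 3.3a" heading, and its own Affects line ends at 3.2.4. The sentence was carried over from the section it was removed from and now contradicts its placement; drop it or reword it to say the issue is addressed from 3.3a, and fix the "a an" typo at the same time. The text also does not say how the newly linked CVE-2000-0760 relates to CVE-2002-2006.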

Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=524636&r1=524635&r2=524636
==============================================================================
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Sun Apr  1 10:18:07 2007
@@ -35,17 +35,7 @@
        adequately firewalled to ensure it is not accessible to remote attackers.
        There are no plans to issue a an update to Tomcat 3.x for this issue.</p>
 
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2</p>
-
-    <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006">
-       CVE-2002-2006</a></p>
-
-    <p>The snoop servlet installed as part of the examples includes output that
-       identifies the Tomcat installation path. There are no plans to issue a an
-       update to Tomcat 3.x for this issue.</p>
-
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2</p>
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.2</p>
   </section>
 
   <section name="Fixed in Apache Tomcat 3.3.2">
@@ -58,7 +48,7 @@
        recommended that the examples web application is not installed on
        production servers.</p>
 
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1a</p>
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1a</p>
   </section>
 
   <section name="Fixed in Apache Tomcat 3.3.1a">
@@ -70,7 +60,7 @@
        trusted privileges enabling files outside of the web application to be
        read even when running under a security manager.</p>
 
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1</p>
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p>
 
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0042">
@@ -80,7 +70,7 @@
        returned or a directory listing being returned even when a welcome file
        was defined.</p>
 
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1</p>
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p>
   </section>
 
   <section name="Fixed in Apache Tomcat 3.3.1">
@@ -93,10 +83,10 @@
        sequence of such requests may cause all request processing threads, and
        hence Tomcat, to become unresponsive.</p>
 
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3</p>
+    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a</p>
   </section>
 
-  <section name="Fixed in Apache Tomcat 3.3">
+  <section name="Fixed in Apache Tomcat 3.3a">
     <p><strong>moderate: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007">
        CVE-2002-2007</a></p>
@@ -106,6 +96,18 @@
        file system path for a JSP.</p>
 
     <p>Affects: 3.2.3-3.2.4</p>
+
+    <p><strong>low: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006">
+       CVE-2002-2006</a>,
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760">
+       CVE-2000-0760</a></p>
+
+    <p>The snoop servlet installed as part of the examples includes output that
+       identifies the Tomcat installation path. There are no plans to issue a an
+       update to Tomcat 3.x for this issue.</p>
+
+    <p>Affects:3.1-3.1.1, 3.2-3.2.4</p>
   </section>
 
   <section name="Fixed in Apache Tomcat 3.2.4">
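Review bot: The added Affects line reads `Affects:3.1-3.1.1, 3.2-3.2.4`, which omits 3.0 and the space after the colon, while the same entry added to docs/security-3.html in this commit reads `Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4`. The two files should agree: decide whether 3.0 is affected by the snoop servlet disclosure and make both lines identical.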


