tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r524646 - in /tomcat/site/trunk: docs/security-3.html xdocs/security-3.xml
Date Sun, 01 Apr 2007 17:45:11 GMT
Author: markt
Date: Sun Apr  1 10:45:10 2007
New Revision: 524646

URL: http://svn.apache.org/viewvc?view=rev&rev=524646
Log:
The last of the CVE entries.

Modified:
    tomcat/site/trunk/docs/security-3.html
    tomcat/site/trunk/xdocs/security-3.xml

Modified: tomcat/site/trunk/docs/security-3.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=524646&r1=524645&r2=524646
==============================================================================
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Sun Apr  1 10:45:10 2007
@@ -401,7 +401,7 @@
        identifies the Tomcat installation path. There are no plans to issue a an
        update to Tomcat 3.x for this issue.</p>
 
-    <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4</p>
+    <p>Affects:3.1-3.1.1, 3.2-3.2.4</p>
   </blockquote>
 </p>
 </td>
@@ -482,6 +482,41 @@
     <p>A specially crafted URL can be used to obtain the source for JSPs.</p>
 
     <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p>
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 3.2.1">
+<strong>Fixed in Apache Tomcat 3.2.1</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>low: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0759">
+       CVE-2000-0759</a>
+<br/>
+</p>
+
+    <p>Requesting a JSP that does not exist results in an error page that
+       includes the full file system page of the current context.</p>
+
+    <p>Affects: 3.1</p>
   </blockquote>
 </p>
 </td>

Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=524646&r1=524645&r2=524646
==============================================================================
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Sun Apr  1 10:45:10 2007
@@ -140,6 +140,28 @@
     <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p>
   </section>
 
+  <section name="Fixed in Apache Tomcat 3.2">
+    <p><strong>low: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0759">
+       CVE-2000-0759</a><br/></p>
+
+    <p>Requesting a JSP that does not exist results in an error page that
+       includes the full file system page of the current context.</p>
+
+    <p>Affects: 3.1</p>
+
+    <p><strong>important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0672">
+       CVE-2000-0672</a><br/></p>
+
+    <p>Access to the admin context is not protected. This context allows an
+       attacker to mount an arbitary file system path as a context. Any files
+       accessible from this file sytem path to the account under which Tomcat
+       is running are then visible to the attacker.</p>
+
+    <p>Affects: 3.1</p>
+  </section>
+
   <section name="Fixed in Apache Tomcat 3.1">
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message