tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r531705 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html xdocs/security-4.xml xdocs/security-5.xml
Date Tue, 24 Apr 2007 02:58:20 GMT
Author: markt
Date: Mon Apr 23 19:58:19 2007
New Revision: 531705

URL: http://svn.apache.org/viewvc?view=rev&rev=531705
Log:
Add CVE-2006-7196

Modified:
    tomcat/site/trunk/docs/security-4.html
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/xdocs/security-4.xml
    tomcat/site/trunk/xdocs/security-5.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=531705&r1=531704&r2=531705
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Mon Apr 23 19:58:19 2007
@@ -366,6 +366,18 @@
     <p>Affects: 4.1.28-4.1.31</p>
 
     <p>
+<strong>low: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196">
+       CVE-2006-7196</a>
+</p>
+
+    <p>The calendar application included as part of the JSP examples is
+       susceptible to a cross-site scripting attack as it does not escape
+       user provided data before including it in the returned page.</p>
+
+    <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
+
+    <p>
 <strong>low: Directory listing</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835">
        CVE-2006-3835</a>

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=531705&r1=531704&r2=531705
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Mon Apr 23 19:58:19 2007
@@ -379,6 +379,41 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 5.5.16">
+<strong>Fixed in Apache Tomcat 5.5.16</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>low: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196">
+       CVE-2006-7196</a>
+</p>
+
+    <p>The calendar application included as part of the JSP examples is
+       susceptible to a cross-site scripting attack as it does not escape
+       user provided data before including it in the returned page.</p>
+
+    <p>Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.15</p>
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
 <a name="Fixed in Apache Tomcat 5.5.13, 5.0.HEAD">
 <strong>Fixed in Apache Tomcat 5.5.13, 5.0.HEAD</strong>
 </a>

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=531705&r1=531704&r2=531705
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Mon Apr 23 19:58:19 2007
@@ -117,6 +117,16 @@
 
     <p>Affects: 4.1.28-4.1.31</p>
 
+    <p><strong>low: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196">
+       CVE-2006-7196</a></p>
+
+    <p>The calendar application included as part of the JSP examples is
+       susceptible to a cross-site scripting attack as it does not escape
+       user provided data before including it in the returned page.</p>
+
+    <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
+
     <p><strong>low: Directory listing</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835">
        CVE-2006-3835</a></p>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?view=diff&rev=531705&r1=531704&r2=531705
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Mon Apr 23 19:58:19 2007
@@ -100,6 +100,19 @@
     <p>Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.17</p>
   </section>
 
+  <section name="Fixed in Apache Tomcat 5.5.16">
+    <p><strong>low: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196">
+       CVE-2006-7196</a></p>
+
+    <p>The calendar application included as part of the JSP examples is
+       susceptible to a cross-site scripting attack as it does not escape
+       user provided data before including it in the returned page.</p>
+
+    <p>Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.15</p>
+  </section>
+
+
   <section name="Fixed in Apache Tomcat 5.5.13, 5.0.HEAD">
     <p><strong>low: Directory listing</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message