tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r562006 - in /tomcat/site/trunk: docs/security-3.html xdocs/security-3.xml
Date Thu, 02 Aug 2007 03:16:38 GMT
Author: markt
Date: Wed Aug  1 20:16:38 2007
New Revision: 562006

URL: http://svn.apache.org/viewvc?view=rev&rev=562006
Log:
Add info on CVE-2007-3384

Modified:
    tomcat/site/trunk/docs/security-3.html
    tomcat/site/trunk/xdocs/security-3.xml

Modified: tomcat/site/trunk/docs/security-3.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=562006&r1=562005&r2=562006
==============================================================================
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Wed Aug  1 20:16:38 2007
@@ -237,6 +237,18 @@
        There are no plans to issue a an update to Tomcat 3.x for this issue.</p>
 
     <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.2</p>
+
+    <p>
+<strong>low: Cross site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3384">
+       CVE-2007-3384</a>
+</p>
+
+    <p>When reporting error messages, Tomcat does not filter user supplied data
+       before display. This enables an XSS attack. A source patch is available
+       from the <a href="download-33.cgi">Tomcat 3 download page</a>.</p>
+
+    <p>Affects: 3.3-3.3.2</p>
   </blockquote>
 </p>
 </td>

Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=562006&r1=562005&r2=562006
==============================================================================
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Wed Aug  1 20:16:38 2007
@@ -36,6 +36,16 @@
        There are no plans to issue a an update to Tomcat 3.x for this issue.</p>
 
     <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.2</p>
+
+    <p><strong>low: Cross site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3384">
+       CVE-2007-3384</a></p>
+
+    <p>When reporting error messages, Tomcat does not filter user supplied data
+       before display. This enables an XSS attack. A source patch is available
+       from the <a href="download-33.cgi">Tomcat 3 download page</a>.</p>
+
+    <p>Affects: 3.3-3.3.2</p>
   </section>
 
   <section name="Fixed in Apache Tomcat 3.3.2">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message