tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r585933 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml
Date Thu, 18 Oct 2007 11:39:35 GMT
Author: markt
Date: Thu Oct 18 04:39:34 2007
New Revision: 585933

URL: http://svn.apache.org/viewvc?rev=585933&view=rev
Log:
Add webdav issue - CVE-2007-5461

Modified:
    tomcat/site/trunk/docs/security-4.html
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-4.xml
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=585933&r1=585932&r2=585933&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Thu Oct 18 04:39:34 2007
@@ -238,7 +238,21 @@
        which does not exhibit this issue. There are no plans to issue an update
        to Tomcat 4.1.x for this issue.</p>
 
-    <p>Affects: 4.1.15-4.1.HEAD</p>
+    <p>Affects: 4.1.15-4.1.SVN</p>
+
+    <p>
+<strong>important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
+       CVE-2007-5461</a>
+</p>
+
+    <p>When Tomcat's WebDAV servlet is configured for use with a context and
+       has been enabled for write, some WebDAV requests that specify an entity
+       with a SYSTEM tag can result in the contents of arbitary files being
+       returned to the client.</p>
+
+    <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.SVN</p>
+
   </blockquote>
 </p>
 </td>
@@ -253,8 +267,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 4.1.HEAD">
-<strong>Fixed in Apache Tomcat 4.1.HEAD</strong>
+<a name="Fixed in Apache Tomcat 4.1.SVN">
+<strong>Fixed in Apache Tomcat 4.1.SVN</strong>
 </a>
 </font>
 </td>

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=585933&r1=585932&r2=585933&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Thu Oct 18 04:39:34 2007
@@ -214,8 +214,45 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.25, 5.0.HEAD">
-<strong>Fixed in Apache Tomcat 5.5.25, 5.0.HEAD</strong>
+<a name="Not fixed in Apache Tomcat 5.5.SVN, 5.0.SVN">
+<strong>Not fixed in Apache Tomcat 5.5.SVN, 5.0.SVN</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
+       CVE-2007-5461</a>
+</p>
+
+    <p>When Tomcat's WebDAV servlet is configured for use with a context and
+       has been enabled for write, some WebDAV requests that specify an entity
+       with a SYSTEM tag can result in the contents of arbitary files being
+       returned to the client.</p>
+
+    <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.25</p>
+
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 5.5.25, 5.0.SVN">
+<strong>Fixed in Apache Tomcat 5.5.25, 5.0.SVN</strong>
 </a>
 </font>
 </td>
@@ -303,8 +340,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.24, 5.0.HEAD">
-<strong>Fixed in Apache Tomcat 5.5.24, 5.0.HEAD</strong>
+<a name="Fixed in Apache Tomcat 5.5.24, 5.0.SVN">
+<strong>Fixed in Apache Tomcat 5.5.24, 5.0.SVN</strong>
 </a>
 </font>
 </td>
@@ -340,8 +377,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.23, 5.0.HEAD">
-<strong>Fixed in Apache Tomcat 5.5.23, 5.0.HEAD</strong>
+<a name="Fixed in Apache Tomcat 5.5.23, 5.0.SVN">
+<strong>Fixed in Apache Tomcat 5.5.23, 5.0.SVN</strong>
 </a>
 </font>
 </td>
@@ -382,8 +419,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.22, 5.0.HEAD">
-<strong>Fixed in Apache Tomcat 5.5.22, 5.0.HEAD</strong>
+<a name="Fixed in Apache Tomcat 5.5.22, 5.0.SVN">
+<strong>Fixed in Apache Tomcat 5.5.22, 5.0.SVN</strong>
 </a>
 </font>
 </td>
@@ -443,8 +480,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.21, 5.0.HEAD">
-<strong>Fixed in Apache Tomcat 5.5.21, 5.0.HEAD</strong>
+<a name="Fixed in Apache Tomcat 5.5.21, 5.0.SVN">
+<strong>Fixed in Apache Tomcat 5.5.21, 5.0.SVN</strong>
 </a>
 </font>
 </td>
@@ -483,8 +520,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.18, 5.0.HEAD">
-<strong>Fixed in Apache Tomcat 5.5.18, 5.0.HEAD</strong>
+<a name="Fixed in Apache Tomcat 5.5.18, 5.0.SVN">
+<strong>Fixed in Apache Tomcat 5.5.18, 5.0.SVN</strong>
 </a>
 </font>
 </td>
@@ -518,8 +555,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.17, 5.0.HEAD">
-<strong>Fixed in Apache Tomcat 5.5.17, 5.0.HEAD</strong>
+<a name="Fixed in Apache Tomcat 5.5.17, 5.0.SVN">
+<strong>Fixed in Apache Tomcat 5.5.17, 5.0.SVN</strong>
 </a>
 </font>
 </td>
@@ -553,8 +590,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.16, 5.0.HEAD">
-<strong>Fixed in Apache Tomcat 5.5.16, 5.0.HEAD</strong>
+<a name="Fixed in Apache Tomcat 5.5.16, 5.0.SVN">
+<strong>Fixed in Apache Tomcat 5.5.16, 5.0.SVN</strong>
 </a>
 </font>
 </td>
@@ -588,8 +625,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.13, 5.0.HEAD">
-<strong>Fixed in Apache Tomcat 5.5.13, 5.0.HEAD</strong>
+<a name="Fixed in Apache Tomcat 5.5.13, 5.0.SVN">
+<strong>Fixed in Apache Tomcat 5.5.13, 5.0.SVN</strong>
 </a>
 </font>
 </td>
@@ -643,8 +680,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.7, 5.0.HEAD">
-<strong>Fixed in Apache Tomcat 5.5.7, 5.0.HEAD</strong>
+<a name="Fixed in Apache Tomcat 5.5.7, 5.0.SVN">
+<strong>Fixed in Apache Tomcat 5.5.7, 5.0.SVN</strong>
 </a>
 </font>
 </td>

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=585933&r1=585932&r2=585933&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Thu Oct 18 04:39:34 2007
@@ -214,6 +214,43 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 6.0.SVN ">
+<strong>Fixed in Apache Tomcat 6.0.SVN </strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
+       CVE-2007-5461</a>
+</p>
+
+    <p>When Tomcat's WebDAV servlet is configured for use with a context and
+       has been enabled for write, some WebDAV requests that specify an entity
+       with a SYSTEM tag can result in the contents of arbitary files being
+       returned to the client.</p>
+
+    <p>Affects: 6.0.0-6.0.14</p>
+
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
 <a name="Fixed in Apache Tomcat 6.0.14">
 <strong>Fixed in Apache Tomcat 6.0.14</strong>
 </a>

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=585933&r1=585932&r2=585933&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Thu Oct 18 04:39:34 2007
@@ -37,10 +37,22 @@
        which does not exhibit this issue. There are no plans to issue an update
        to Tomcat 4.1.x for this issue.</p>
 
-    <p>Affects: 4.1.15-4.1.HEAD</p>
+    <p>Affects: 4.1.15-4.1.SVN</p>
+
+    <p><strong>important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
+       CVE-2007-5461</a></p>
+
+    <p>When Tomcat's WebDAV servlet is configured for use with a context and
+       has been enabled for write, some WebDAV requests that specify an entity
+       with a SYSTEM tag can result in the contents of arbitary files being
+       returned to the client.</p>
+
+    <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.SVN</p>
+
   </section>
 
-  <section name="Fixed in Apache Tomcat 4.1.HEAD">
+  <section name="Fixed in Apache Tomcat 4.1.SVN">
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164">
        CVE-2005-3164</a></p>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=585933&r1=585932&r2=585933&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Thu Oct 18 04:39:34 2007
@@ -24,7 +24,21 @@
 
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.25, 5.0.HEAD">
+  <section name="Not fixed in Apache Tomcat 5.5.SVN, 5.0.SVN">
+    <p><strong>important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
+       CVE-2007-5461</a></p>
+
+    <p>When Tomcat's WebDAV servlet is configured for use with a context and
+       has been enabled for write, some WebDAV requests that specify an entity
+       with a SYSTEM tag can result in the contents of arbitary files being
+       returned to the client.</p>
+
+    <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.25</p>
+
+  </section>
+
+  <section name="Fixed in Apache Tomcat 5.5.25, 5.0.SVN">
     <p><strong>low: Cross-site scripting</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449">
        CVE-2007-2449</a></p>
@@ -82,7 +96,7 @@
 
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.24, 5.0.HEAD">
+  <section name="Fixed in Apache Tomcat 5.5.24, 5.0.SVN">
     <p><strong>moderate: Cross-site scripting</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355">
        CVE-2007-1355</a></p>
@@ -96,7 +110,7 @@
 
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.23, 5.0.HEAD">
+  <section name="Fixed in Apache Tomcat 5.5.23, 5.0.SVN">
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090">
        CVE-2005-2090</a></p>
@@ -115,7 +129,7 @@
     <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.22</p>
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.22, 5.0.HEAD">
+  <section name="Fixed in Apache Tomcat 5.5.22, 5.0.SVN">
     <p><strong>important: Directory traversal</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
        CVE-2007-0450</a></p>
@@ -153,7 +167,7 @@
     <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.21</p>
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.21, 5.0.HEAD">
+  <section name="Fixed in Apache Tomcat 5.5.21, 5.0.SVN">
     <p><strong>low: Cross-site scripting</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358">
        CVE-2007-1358</a></p>
@@ -170,7 +184,7 @@
     <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.20</p>
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.18, 5.0.HEAD">
+  <section name="Fixed in Apache Tomcat 5.5.18, 5.0.SVN">
     <p><strong>moderate: Cross-site scripting</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195">
        CVE-2006-7195</a></p>
@@ -182,7 +196,7 @@
     <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.17</p>
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.17, 5.0.HEAD">
+  <section name="Fixed in Apache Tomcat 5.5.17, 5.0.SVN">
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858">
        CVE-2007-1858</a></p>
@@ -194,7 +208,7 @@
     <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.16</p>
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.16, 5.0.HEAD">
+  <section name="Fixed in Apache Tomcat 5.5.16, 5.0.SVN">
     <p><strong>low: Cross-site scripting</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196">
        CVE-2006-7196</a></p>
@@ -207,7 +221,7 @@
   </section>
 
 
-  <section name="Fixed in Apache Tomcat 5.5.13, 5.0.HEAD">
+  <section name="Fixed in Apache Tomcat 5.5.13, 5.0.SVN">
     <p><strong>low: Directory listing</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835">
        CVE-2006-3835</a></p>
@@ -237,7 +251,7 @@
     <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.12</p>
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.7, 5.0.HEAD">
+  <section name="Fixed in Apache Tomcat 5.5.7, 5.0.SVN">
     <p><strong>low: Cross-site scripting</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838">
        CVE-2005-4838</a></p>

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=585933&r1=585932&r2=585933&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Thu Oct 18 04:39:34 2007
@@ -24,6 +24,20 @@
 
   </section>
 
+  <section name="Fixed in Apache Tomcat 6.0.SVN ">
+    <p><strong>important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
+       CVE-2007-5461</a></p>
+
+    <p>When Tomcat's WebDAV servlet is configured for use with a context and
+       has been enabled for write, some WebDAV requests that specify an entity
+       with a SYSTEM tag can result in the contents of arbitary files being
+       returned to the client.</p>
+
+    <p>Affects: 6.0.0-6.0.14</p>
+
+  </section>
+
   <section name="Fixed in Apache Tomcat 6.0.14">
     <p><strong>low: Cross-site scripting</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message