tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r620037 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml
Date Fri, 08 Feb 2008 23:34:37 GMT
Author: markt
Date: Fri Feb  8 15:34:32 2008
New Revision: 620037

URL: http://svn.apache.org/viewvc?rev=620037&view=rev
Log:
Publish details of CVE-2007-6286

Modified:
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=620037&r1=620036&r2=620037&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Fri Feb  8 15:34:32 2008
@@ -271,6 +271,18 @@
        returned to the client.</p>
 
     <p>Affects: 5.5.0-5.5.25</p>
+
+    <p>
+<strong>important: Data integrity</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286">
+       CVE-2007-6286</a>
+</p>
+
+    <p>When using the native (APR based) connector, connecting to the SSL port
+       using netcat and then disconnecting without sending any data will cause
+       tomcat to handle a duplicate copy of one of the recent requests.</p>
+
+    <p>Affects: 5.5.11-5.5.25</p>
   </blockquote>
 </p>
 </td>

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=620037&r1=620036&r2=620037&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Feb  8 15:34:32 2008
@@ -267,6 +267,18 @@
     <p>Affects: 6.0.0-6.0.14</p>
 
     <p>
+<strong>important: Data integrity</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286">
+       CVE-2007-6286</a>
+</p>
+
+    <p>When using the native (APR based) connector, connecting to the SSL port
+       using netcat and then disconnecting without sending any data will cause
+       tomcat to handle a duplicate copy of one of the recent requests.</p>
+
+    <p>Affects: 6.0.0-6.0.15</p>
+
+    <p>
 <strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002">
        CVE-2008-0002</a>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=620037&r1=620036&r2=620037&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Fri Feb  8 15:34:32 2008
@@ -62,6 +62,16 @@
        returned to the client.</p>
 
     <p>Affects: 5.5.0-5.5.25</p>
+
+    <p><strong>important: Data integrity</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286">
+       CVE-2007-6286</a></p>
+
+    <p>When using the native (APR based) connector, connecting to the SSL port
+       using netcat and then disconnecting without sending any data will cause
+       tomcat to handle a duplicate copy of one of the recent requests.</p>
+
+    <p>Affects: 5.5.11-5.5.25</p>
   </section>
 
   <section name="Fixed in Apache Tomcat 5.5.25, 5.0.SVN">

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=620037&r1=620036&r2=620037&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Fri Feb  8 15:34:32 2008
@@ -57,6 +57,16 @@
 
     <p>Affects: 6.0.0-6.0.14</p>
 
+    <p><strong>important: Data integrity</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286">
+       CVE-2007-6286</a></p>
+
+    <p>When using the native (APR based) connector, connecting to the SSL port
+       using netcat and then disconnecting without sending any data will cause
+       tomcat to handle a duplicate copy of one of the recent requests.</p>
+
+    <p>Affects: 6.0.0-6.0.15</p>
+
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002">
        CVE-2008-0002</a></p>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message