tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r693763 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml
Date Wed, 10 Sep 2008 10:01:26 GMT
Author: markt
Date: Wed Sep 10 03:01:25 2008
New Revision: 693763

URL: http://svn.apache.org/viewvc?rev=693763&view=rev
Log:
Add new information for CVE-2008-2938
Add svn commits for more recent release
Update for 5.5.27 release

Modified:
    tomcat/site/trunk/docs/security-4.html
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-4.xml
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Wed Sep 10 03:01:25 2008
@@ -282,6 +282,10 @@
        transmitted to any content that is - by purpose or error - requested via
        http from the same server. </p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=684900&amp;view=rev">
+       revision 684900</a>.</p>
+
     <p>Affects: 4.1.0-4.1.37</p>
 
     <p>
@@ -298,6 +302,10 @@
        XSS attack, unfiltered user supplied data must be included in the message
        argument.</p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=680947&amp;view=rev">
+       revision 680947</a>.</p>
+
     <p>Affects: 4.1.0-4.1.37</p>
 
     <p>
@@ -307,15 +315,19 @@
 </p>
 
     <p>When using a RequestDispatcher the target path was normalised before the 
-	   query string was removed. A request that included a specially crafted 
+       query string was removed. A request that included a specially crafted 
        request parameter could be used to access content that would otherwise be 
-	   protected by a security constraint or by locating it in under the WEB-INF 
+       protected by a security constraint or by locating it in under the WEB-INF 
        directory.</p>
 
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=680950&amp;view=rev">
+       revision 680950</a>.</p>
+
     <p>Affects: 4.1.0-4.1.37</p>
     
     <p>
-<strong>moderate: Directory traversal</strong>
+<strong>important: Directory traversal</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938">
        CVE-2008-2938</a>
 </p>
@@ -323,7 +335,16 @@
     <p>If a context is configured with <code>allowLinking="true"</code>
and the
        connector is configured with <code>URIEncoding="UTF-8"</code> then a
        malformed request may be used to access arbitrary files on the server.
-       </p>
+       If the connector is configured with <code>URIEncoding="UTF-8"</code> then
+       a malformed request may be used to access arbitrary files within the
+       docBase of a context such as web.xml. It should also be noted that
+       setting <code>useBodyEncodingForURI="true"</code> has the same effect
as
+       setting <code>URIEncoding="UTF-8"</code> when processing requests with
+       bodies encoded with UTF-8.</p>
+
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=681065&amp;view=rev">
+       revision 681065</a>.</p>
 
     <p>Affects: 4.1.0-4.1.37</p>
 

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Wed Sep 10 03:01:25 2008
@@ -222,8 +222,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.SVN">
-<strong>Fixed in Apache Tomcat 5.5.SVN</strong>
+<a name="Fixed in Apache Tomcat 5.5.27">
+<strong>Fixed in Apache Tomcat 5.5.27</strong>
 </a>
 </font>
 </td>
@@ -246,6 +246,10 @@
        XSS attack, unfiltered user supplied data must be included in the message
        argument.</p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=680947&amp;view=rev">
+       revision 680947</a>.</p>
+
     <p>Affects: 5.5.0-5.5.26</p>
 
     <p>
@@ -260,6 +264,10 @@
        out (closing the browser) of the application once the management tasks
        have been completed.</p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=662583&amp;view=rev">
+       revision 662583</a>.</p>
+
     <p>Affects: 5.5.9-5.5.26</p>
     
     <p>
@@ -269,15 +277,19 @@
 </p>
 
     <p>When using a RequestDispatcher the target path was normalised before the 
-	   query string was removed. A request that included a specially crafted 
+       query string was removed. A request that included a specially crafted 
        request parameter could be used to access content that would otherwise be 
-	   protected by a security constraint or by locating it in under the WEB-INF 
+       protected by a security constraint or by locating it in under the WEB-INF 
        directory.</p>
 
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=680949&amp;view=rev">
+       revision 680949</a>.</p>
+
     <p>Affects: 5.5.0-5.5.26</p>
     
     <p>
-<strong>moderate: Directory traversal</strong>
+<strong>important: Directory traversal</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938">
        CVE-2008-2938</a>
 </p>
@@ -285,8 +297,17 @@
     <p>If a context is configured with <code>allowLinking="true"</code>
and the
        connector is configured with <code>URIEncoding="UTF-8"</code> then a
        malformed request may be used to access arbitrary files on the server.
-       </p>
-
+       If the connector is configured with <code>URIEncoding="UTF-8"</code> then
+       a malformed request may be used to access arbitrary files within the
+       docBase of a context such as web.xml. It should also be noted that
+       setting <code>useBodyEncodingForURI="true"</code> has the same effect
as
+       setting <code>URIEncoding="UTF-8"</code> when processing requests with
+       bodies encoded with UTF-8.</p>
+
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=681029&amp;view=rev">
+       revision 681029</a>.</p>
+       
     <p>Affects: 5.5.0-5.5.26</p>
 
   </blockquote>

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Wed Sep 10 03:01:25 2008
@@ -240,6 +240,10 @@
        XSS attack, unfiltered user supplied data must be included in the message
        argument.</p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=673834&amp;view=rev">
+       revision 673834</a>.</p>
+
     <p>Affects: 6.0.0-6.0.16</p>
 
     <p>
@@ -254,6 +258,12 @@
        out (closing the browser) of the application once the management tasks
        have been completed.</p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=662585&amp;view=rev">
+       revision 662585</a>.</p>
+
+    <p>Affects: 6.0.0-6.0.16</p>
+
     <p>
 <strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370">
@@ -261,15 +271,19 @@
 </p>
 
     <p>When using a RequestDispatcher the target path was normalised before the 
-	   query string was removed. A request that included a specially crafted 
+       query string was removed. A request that included a specially crafted 
        request parameter could be used to access content that would otherwise be 
-	   protected by a security constraint or by locating it in under the WEB-INF 
+       protected by a security constraint or by locating it in under the WEB-INF 
        directory.</p>
+       
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=673839&amp;view=rev">
+       revision 673839</a>.</p>
 
     <p>Affects: 6.0.0-6.0.16</p>
 
     <p>
-<strong>moderate: Directory traversal</strong>
+<strong>important: Directory traversal</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938">
        CVE-2008-2938</a>
 </p>
@@ -277,7 +291,16 @@
     <p>If a context is configured with <code>allowLinking="true"</code>
and the
        connector is configured with <code>URIEncoding="UTF-8"</code> then a
        malformed request may be used to access arbitrary files on the server.
-       </p>
+       If the connector is configured with <code>URIEncoding="UTF-8"</code> then
+       a malformed request may be used to access arbitrary files within the
+       docBase of a context such as web.xml. It should also be noted that
+       setting <code>useBodyEncodingForURI="true"</code> has the same effect
as
+       setting <code>URIEncoding="UTF-8"</code> when processing requests with
+       bodies encoded with UTF-8.</p>
+
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=678137&amp;view=rev">
+       revision 678137</a>.</p>
 
     <p>Affects: 6.0.0-6.0.16</p>
 

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Wed Sep 10 03:01:25 2008
@@ -54,6 +54,10 @@
        transmitted to any content that is - by purpose or error - requested via
        http from the same server. </p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=684900&amp;view=rev">
+       revision 684900</a>.</p>
+
     <p>Affects: 4.1.0-4.1.37</p>
 
     <p><strong>low: Cross-site scripting</strong>
@@ -68,6 +72,10 @@
        XSS attack, unfiltered user supplied data must be included in the message
        argument.</p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=680947&amp;view=rev">
+       revision 680947</a>.</p>
+
     <p>Affects: 4.1.0-4.1.37</p>
 
     <p><strong>important: Information disclosure</strong>
@@ -75,21 +83,34 @@
        CVE-2008-2370</a></p>
 
     <p>When using a RequestDispatcher the target path was normalised before the 
-	   query string was removed. A request that included a specially crafted 
+       query string was removed. A request that included a specially crafted 
        request parameter could be used to access content that would otherwise be 
-	   protected by a security constraint or by locating it in under the WEB-INF 
+       protected by a security constraint or by locating it in under the WEB-INF 
        directory.</p>
 
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=680950&amp;view=rev">
+       revision 680950</a>.</p>
+
     <p>Affects: 4.1.0-4.1.37</p>
     
-    <p><strong>moderate: Directory traversal</strong>
+    <p><strong>important: Directory traversal</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938">
        CVE-2008-2938</a></p>
 
     <p>If a context is configured with <code>allowLinking="true"</code>
and the
        connector is configured with <code>URIEncoding="UTF-8"</code> then a
        malformed request may be used to access arbitrary files on the server.
-       </p>
+       If the connector is configured with <code>URIEncoding="UTF-8"</code> then
+       a malformed request may be used to access arbitrary files within the
+       docBase of a context such as web.xml. It should also be noted that
+       setting <code>useBodyEncodingForURI="true"</code> has the same effect
as
+       setting <code>URIEncoding="UTF-8"</code> when processing requests with
+       bodies encoded with UTF-8.</p>
+
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=681065&amp;view=rev">
+       revision 681065</a>.</p>
 
     <p>Affects: 4.1.0-4.1.37</p>
 

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Wed Sep 10 03:01:25 2008
@@ -28,7 +28,7 @@
 
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.SVN">
+  <section name="Fixed in Apache Tomcat 5.5.27">
     <p><strong>low: Cross-site scripting</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232">
        CVE-2008-1232</a></p>
@@ -41,6 +41,10 @@
        XSS attack, unfiltered user supplied data must be included in the message
        argument.</p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=680947&amp;view=rev">
+       revision 680947</a>.</p>
+
     <p>Affects: 5.5.0-5.5.26</p>
 
     <p><strong>low: Cross-site scripting</strong>
@@ -53,6 +57,10 @@
        out (closing the browser) of the application once the management tasks
        have been completed.</p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=662583&amp;view=rev">
+       revision 662583</a>.</p>
+
     <p>Affects: 5.5.9-5.5.26</p>
     
     <p><strong>important: Information disclosure</strong>
@@ -60,22 +68,35 @@
        CVE-2008-2370</a></p>
 
     <p>When using a RequestDispatcher the target path was normalised before the 
-	   query string was removed. A request that included a specially crafted 
+       query string was removed. A request that included a specially crafted 
        request parameter could be used to access content that would otherwise be 
-	   protected by a security constraint or by locating it in under the WEB-INF 
+       protected by a security constraint or by locating it in under the WEB-INF 
        directory.</p>
 
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=680949&amp;view=rev">
+       revision 680949</a>.</p>
+
     <p>Affects: 5.5.0-5.5.26</p>
     
-    <p><strong>moderate: Directory traversal</strong>
+    <p><strong>important: Directory traversal</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938">
        CVE-2008-2938</a></p>
 
     <p>If a context is configured with <code>allowLinking="true"</code>
and the
        connector is configured with <code>URIEncoding="UTF-8"</code> then a
        malformed request may be used to access arbitrary files on the server.
-       </p>
-
+       If the connector is configured with <code>URIEncoding="UTF-8"</code> then
+       a malformed request may be used to access arbitrary files within the
+       docBase of a context such as web.xml. It should also be noted that
+       setting <code>useBodyEncodingForURI="true"</code> has the same effect
as
+       setting <code>URIEncoding="UTF-8"</code> when processing requests with
+       bodies encoded with UTF-8.</p>
+
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=681029&amp;view=rev">
+       revision 681029</a>.</p>
+       
     <p>Affects: 5.5.0-5.5.26</p>
 
   </section>

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Wed Sep 10 03:01:25 2008
@@ -35,6 +35,10 @@
        XSS attack, unfiltered user supplied data must be included in the message
        argument.</p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=673834&amp;view=rev">
+       revision 673834</a>.</p>
+
     <p>Affects: 6.0.0-6.0.16</p>
 
     <p><strong>low: Cross-site scripting</strong>
@@ -47,26 +51,45 @@
        out (closing the browser) of the application once the management tasks
        have been completed.</p>
 
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=662585&amp;view=rev">
+       revision 662585</a>.</p>
+
+    <p>Affects: 6.0.0-6.0.16</p>
+
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370">
        CVE-2008-2370</a></p>
 
     <p>When using a RequestDispatcher the target path was normalised before the 
-	   query string was removed. A request that included a specially crafted 
+       query string was removed. A request that included a specially crafted 
        request parameter could be used to access content that would otherwise be 
-	   protected by a security constraint or by locating it in under the WEB-INF 
+       protected by a security constraint or by locating it in under the WEB-INF 
        directory.</p>
+       
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=673839&amp;view=rev">
+       revision 673839</a>.</p>
 
     <p>Affects: 6.0.0-6.0.16</p>
 
-    <p><strong>moderate: Directory traversal</strong>
+    <p><strong>important: Directory traversal</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938">
        CVE-2008-2938</a></p>
 
     <p>If a context is configured with <code>allowLinking="true"</code>
and the
        connector is configured with <code>URIEncoding="UTF-8"</code> then a
        malformed request may be used to access arbitrary files on the server.
-       </p>
+       If the connector is configured with <code>URIEncoding="UTF-8"</code> then
+       a malformed request may be used to access arbitrary files within the
+       docBase of a context such as web.xml. It should also be noted that
+       setting <code>useBodyEncodingForURI="true"</code> has the same effect
as
+       setting <code>URIEncoding="UTF-8"</code> when processing requests with
+       bodies encoded with UTF-8.</p>
+
+       <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=678137&amp;view=rev">
+       revision 678137</a>.</p>
 
     <p>Affects: 6.0.0-6.0.16</p>
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message