tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r762948 - in /tomcat/site/trunk: docs/security-jk.html xdocs/security-jk.xml
Date Wed, 08 Apr 2009 04:12:30 GMT
Author: markt
Date: Tue Apr  7 20:39:58 2009
New Revision: 762948

URL: http://svn.apache.org/viewvc?rev=762948&view=rev
Log:
Update site with details of CVE-2008-5519

Modified:
    tomcat/site/trunk/docs/security-jk.html
    tomcat/site/trunk/xdocs/security-jk.xml

Modified: tomcat/site/trunk/docs/security-jk.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-jk.html?rev=762948&r1=762947&r2=762948&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-jk.html (original)
+++ tomcat/site/trunk/docs/security-jk.html Tue Apr  7 20:39:58 2009
@@ -218,6 +218,49 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat JK Connector 1.2.27">
+<strong>Fixed in Apache Tomcat JK Connector 1.2.27</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519">
+       CVE-2008-5519</a>
+</p>
+
+    <p>Situations where faulty clients set Content-Length without providing
+       data, or where a user submits repeated requests very quickly, may permit
+       one user to view the response associated with a different user's request.
+       </p>
+
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=702540&amp;view=rev">
+       revision 702540</a>.</p>
+
+    <p>Affects: JK 1.2.0-1.2.26<br/>
+       Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,
+       5.5.0-5.5.27</p>
+
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
 <a name="Fixed in Apache Tomcat JK Connector 1.2.23">
 <strong>Fixed in Apache Tomcat JK Connector 1.2.23</strong>
 </a>
@@ -263,7 +306,7 @@
        </p>
 
     <p>Affects: JK 1.2.0-1.2.22 (httpd mod_jk module only)<br/>
-       Source shipped with Tomcat 4.0.1-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,
+       Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,
        5.5.0-5.5.23</p>
 
   </blockquote>
@@ -291,14 +334,14 @@
 <p>
 <blockquote>
     <p>
-<strong>critical: Arbitary code execution and denial of service</strong>
+<strong>critical: Arbitrary code execution and denial of service</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774">
        CVE-2007-0774</a>
 </p>
 
     <p>An unsafe memory copy in the URI handler for the native JK connector
-       could result in a stackoverflow condition which could be leveraged to
-       execute arbitary code or crash the web server.</p>
+       could result in a stack overflow condition which could be leveraged to
+       execute arbitrary code or crash the web server.</p>
 
     <p>Affects: JK 1.2.19-1.2.20<br/>
        Source shipped with: Tomcat 4.1.34, 5.5.20</p>
@@ -339,7 +382,7 @@
        reveal sensitive memory information to a client.</p>
 
     <p>Affects: JK 1.2.0-1.2.15<br/>
-       Source shipped with: Tomcat 4.0.1-4.0.6, 4.1.0-4.1.32, 5.0.0-5.0.30,
+       Source shipped with: Tomcat 4.0.0-4.0.6, 4.1.0-4.1.32, 5.0.0-5.0.30,
        5.5.0-5.5.16</p>
 
   </blockquote>

Modified: tomcat/site/trunk/xdocs/security-jk.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-jk.xml?rev=762948&r1=762947&r2=762948&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-jk.xml (original)
+++ tomcat/site/trunk/xdocs/security-jk.xml Tue Apr  7 20:39:58 2009
@@ -24,6 +24,26 @@
 
   </section>
 
+  <section name="Fixed in Apache Tomcat JK Connector 1.2.27">
+    <p><strong>important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519">
+       CVE-2008-5519</a></p>
+
+    <p>Situations where faulty clients set Content-Length without providing
+       data, or where a user submits repeated requests very quickly, may permit
+       one user to view the response associated with a different user's request.
+       </p>
+
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=702540&amp;view=rev">
+       revision 702540</a>.</p>
+
+    <p>Affects: JK 1.2.0-1.2.26<br/>
+       Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,
+       5.5.0-5.5.27</p>
+
+  </section>
+
   <section name="Fixed in Apache Tomcat JK Connector 1.2.23">
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860">
@@ -58,19 +78,19 @@
        </p>
 
     <p>Affects: JK 1.2.0-1.2.22 (httpd mod_jk module only)<br/>
-       Source shipped with Tomcat 4.0.1-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,
+       Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,
        5.5.0-5.5.23</p>
 
   </section>
 
   <section name="Fixed in Apache Tomcat JK Connector 1.2.21">
-    <p><strong>critical: Arbitary code execution and denial of service</strong>
+    <p><strong>critical: Arbitrary code execution and denial of service</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774">
        CVE-2007-0774</a></p>
 
     <p>An unsafe memory copy in the URI handler for the native JK connector
-       could result in a stackoverflow condition which could be leveraged to
-       execute arbitary code or crash the web server.</p>
+       could result in a stack overflow condition which could be leveraged to
+       execute arbitrary code or crash the web server.</p>
 
     <p>Affects: JK 1.2.19-1.2.20<br/>
        Source shipped with: Tomcat 4.1.34, 5.5.20</p>
@@ -88,7 +108,7 @@
        reveal sensitive memory information to a client.</p>
 
     <p>Affects: JK 1.2.0-1.2.15<br/>
-       Source shipped with: Tomcat 4.0.1-4.0.6, 4.1.0-4.1.32, 5.0.0-5.0.30,
+       Source shipped with: Tomcat 4.0.0-4.0.6, 4.1.0-4.1.32, 5.0.0-5.0.30,
        5.5.0-5.5.16</p>
 
   </section>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message