tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r834061 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml
Date Mon, 09 Nov 2009 13:48:31 GMT
Author: markt
Date: Mon Nov  9 13:48:26 2009
New Revision: 834061

URL: http://svn.apache.org/viewvc?rev=834061&view=rev
Log:
Add CVE-2009-3548 info

Modified:
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=834061&r1=834060&r2=834061&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Mon Nov  9 13:48:26 2009
@@ -218,6 +218,50 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Not fixed in Apache Tomcat 5.5.x">
+<strong>Not fixed in Apache Tomcat 5.5.x</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+  
+    <p>
+<i>Note: It is expected that this issue will be fixed in 5.5.29 but the
+       patch has not yet received the necessary votes to be applied to the 5.5.x
+       code base.</i>
+</p>
+       
+    <p>
+<strong>Low: Insecure default password</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548">
+       CVE-2009-3548</a>
+</p>
+
+    <p>The Windows installer defaults to a blank password for the administrative
+       user. If this is not changed during the install process, then by default
+       a user is created with the name admin, roles admin and manager and a
+       blank password.</p>
+
+    <p>Affects: 5.5.0-5.5.28</p>
+
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
 <a name="Fixed in Apache Tomcat 5.5.28">
 <strong>Fixed in Apache Tomcat 5.5.28</strong>
 </a>

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=834061&r1=834060&r2=834061&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Mon Nov  9 13:48:26 2009
@@ -212,6 +212,50 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Not fixed in Apache Tomcat 6.0.x">
+<strong>Not fixed in Apache Tomcat 6.0.x</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+  
+    <p>
+<i>Note: It is expected that this issue will be fixed in 6.0.21 but the
+       patch has not yet received the necessary votes to be applied to the 6.0.x
+       code base.</i>
+</p>
+       
+    <p>
+<strong>Low: Insecure default password</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548">
+       CVE-2009-3548</a>
+</p>
+
+    <p>The Windows installer defaults to a blank password for the administrative
+       user. If this is not changed during the install process, then by default
+       a user is created with the name admin, roles admin and manager and a
+       blank password.</p>
+
+    <p>Affects: 6.0.0-6.0.20</p>
+
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
 <a name="Fixed in Apache Tomcat 6.0.20">
 <strong>Fixed in Apache Tomcat 6.0.20</strong>
 </a>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=834061&r1=834060&r2=834061&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Mon Nov  9 13:48:26 2009
@@ -28,6 +28,25 @@
 
   </section>
 
+  <section name="Not fixed in Apache Tomcat 5.5.x">
+  
+    <p><i>Note: It is expected that this issue will be fixed in 5.5.29 but the
+       patch has not yet received the necessary votes to be applied to the 5.5.x
+       code base.</i></p>
+       
+    <p><strong>Low: Insecure default password</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548">
+       CVE-2009-3548</a></p>
+
+    <p>The Windows installer defaults to a blank password for the administrative
+       user. If this is not changed during the install process, then by default
+       a user is created with the name admin, roles admin and manager and a
+       blank password.</p>
+
+    <p>Affects: 5.5.0-5.5.28</p>
+
+  </section>
+
   <section name="Fixed in Apache Tomcat 5.5.28">
     <p><strong>Important: Information Disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515">

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=834061&r1=834060&r2=834061&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Mon Nov  9 13:48:26 2009
@@ -22,6 +22,25 @@
 
   </section>
 
+  <section name="Not fixed in Apache Tomcat 6.0.x">
+  
+    <p><i>Note: It is expected that this issue will be fixed in 6.0.21 but the
+       patch has not yet received the necessary votes to be applied to the 6.0.x
+       code base.</i></p>
+       
+    <p><strong>Low: Insecure default password</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548">
+       CVE-2009-3548</a></p>
+
+    <p>The Windows installer defaults to a blank password for the administrative
+       user. If this is not changed during the install process, then by default
+       a user is created with the name admin, roles admin and manager and a
+       blank password.</p>
+
+    <p>Affects: 6.0.0-6.0.20</p>
+
+  </section>
+
   <section name="Fixed in Apache Tomcat 6.0.20">
     <p><i>Note: These issues were fixed in Apache Tomcat 6.0.19 but the release
        vote for that release candidate did not pass. Therefore, although users



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message