tomcat-dev mailing list archives

From jfcl...@apache.org
Subject svn commit: r1067228 - in /tomcat/site/trunk: docs/security-6.html xdocs/security-6.xml
Date Fri, 04 Feb 2011 17:22:38 GMT
Author: jfclere
Date: Fri Feb  4 17:22:37 2011
New Revision: 1067228

URL: http://svn.apache.org/viewvc?rev=1067228&view=rev
Log:
Add text for the 2 security issues.

Modified:
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1067228&r1=1067227&r2=1067228&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Feb  4 17:22:37 2011
@@ -3,18 +3,18 @@
 <html>
 <head>
 <title>Apache Tomcat - Apache Tomcat 6 vulnerabilities</title>
-<meta name="author" content="Apache Tomcat Project"/>
-<link type="text/css" href="stylesheets/tomcat.css" rel="stylesheet"/>
-<link type="text/css" href="stylesheets/tomcat-printer.css" rel="stylesheet" media="print"/>
+<meta content="Apache Tomcat Project" name="author" />
+<link rel="stylesheet" href="stylesheets/tomcat.css" type="text/css" />
+<link media="print" rel="stylesheet" href="stylesheets/tomcat-printer.css" type="text/css"
/>
 </head>
-<body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76">
-<table border="0" width="100%" cellspacing="0">
+<body vlink="#525D76" alink="#525D76" link="#525D76" text="#000000" bgcolor="#ffffff">
+<table cellspacing="0" width="100%" border="0">
 <!--PAGE HEADER-->
 <tr>
 <td>
 <!--PROJECT LOGO-->
 <a href="http://tomcat.apache.org/">
-<img src="./images/tomcat.gif" align="left" alt="Tomcat Logo" border="0"/>
+<img border="0" alt="Tomcat Logo" align="left" src="./images/tomcat.gif" />
 </a>
 </td>
 <td>
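Review bot: Every changed line in this hunk, from the meta and link tags in the head down to the Tomcat logo img, only reorders attributes or adds a space before "/>", which suggests docs/security-6.html was regenerated with a different serializer than the one used for r1067227. The same churn repeats through most of the later hunks. Regenerating with the previous toolchain, or committing the regeneration on its own, would leave this commit showing only the new 6.0.32 section, so the security text can be reviewed without the noise.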
@@ -25,28 +25,28 @@
 <td>
 <!--APACHE LOGO-->
 <a href="http://www.apache.org/">
-<img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache Logo" border="0"/>
+<img border="0" alt="Apache Logo" align="right" src="http://www.apache.org/images/asf-logo.gif"
/>
 </a>
 </td>
 </tr>
 </table>
 <div class="searchbox noPrint">
-<form action="http://www.google.com/search" method="get">
-<input value="tomcat.apache.org" name="sitesearch" type="hidden"/>
-<input value="Search the Site" size="25" name="q" id="query" type="text"/>
-<input name="Search" value="Search Site" type="submit"/>
+<form method="get" action="http://www.google.com/search">
+<input type="hidden" name="sitesearch" value="tomcat.apache.org" />
+<input type="text" id="query" name="q" size="25" value="Search the Site" />
+<input type="submit" value="Search Site" name="Search" />
 </form>
 </div>
-<table border="0" width="100%" cellspacing="4">
+<table cellspacing="4" width="100%" border="0">
 <!--HEADER SEPARATOR-->
 <tr>
 <td colspan="2">
-<hr noshade="" size="1"/>
+<hr size="1" noshade="" />
 </td>
 </tr>
 <tr>
 <!--LEFT SIDE NAVIGATION-->
-<td width="20%" valign="top" nowrap="true" class="noPrint">
+<td class="noPrint" nowrap="true" valign="top" width="20%">
 <p>
 <strong>Apache Tomcat</strong>
 </p>
@@ -178,11 +178,11 @@
 </ul>
 </td>
 <!--RIGHT SIDE MAIN BODY-->
-<td width="80%" valign="top" align="left" id="mainBody">
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<td id="mainBody" align="left" valign="top" width="80%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Table of Contents">
 <!--()-->
 </a>
@@ -201,6 +201,9 @@
 <a href="#Apache_Tomcat_6.x_vulnerabilities">Apache Tomcat 6.x vulnerabilities</a>
 </li>
 <li>
+<a href="#Fixed_in_Apache_Tomcat_6.0.32">Fixed in Apache Tomcat 6.0.32</a>
+</li>
+<li>
 <a href="#Fixed_in_Apache_Tomcat_6.0.30">Fixed in Apache Tomcat 6.0.30</a>
 </li>
 <li>
@@ -243,14 +246,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Apache Tomcat 6.x vulnerabilities">
 <!--()-->
 </a>
@@ -285,14 +288,80 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
+</td>
+</tr>
+</table>
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<tr>
+<td bgcolor="#525D76">
+<font face="arial,helvetica,sanserif" color="#ffffff">
+<a name="Fixed in Apache Tomcat 6.0.32">
+<!--()-->
+</a>
+<a name="Fixed_in_Apache_Tomcat_6.0.32">
+<strong>Fixed in Apache Tomcat 6.0.32</strong>
+</a>
+</font>
+</td>
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
+<strong>released 03 Feb 2011</strong>
+</font>
+</td>
+</tr>
+<tr>
+<td colspan="2">
+<p>
+<blockquote>
+      <p>
+<strong>Important: Remote Denial Of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-XXXX">
+       CVE-2011-XXXX</a>
+</p>
+
+    <p>A wrong logic in JVM could cause Double conversion to hang JVM when
+       accessing to a form based security constrained page.
+       That behaviour can be used for a denial of service attack using
+       a carefully crafted request.
+    </p>
+
+    <p>This was first reported to the Tomcat security team on 02 Feb 2011 and
+       made public on 31 Jan 2011.</p>
+    <p>Affects: 6.0.0-6.0.31</p>
+
+      <p>
+<strong>Important: Remote Denial Of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534">
+       CVE-2011-0534</a>
+</p>
+
+      <p>The NIO connector expands its buffer endlessly in request line.
+         That behaviour can be used for a denial of service attack using
+         a carefully crafted request.
+      </p>
+
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=1066313&amp;view=rev">
+       revision 1066313</a>.</p>
+
+    <p>Affects: 6.0.30</p>
+  
+
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.30">
 <!--()-->
 </a>
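Review bot: The disclosure dates in the first 6.0.32 entry need checking: this page says "first reported to the Tomcat security team on 02 Feb 2011", the xdocs/security-6.xml hunk in the same commit says 01 Feb 2011, and both put the report after the "made public on 31 Jan 2011" date. If docs/security-6.html is built from the XML, the two files should carry the same date, and if the issue really was public before it reached the security team the sentence would read better stating that order explicitly. The CVE-2011-0534 entry below it gives no reported or public dates at all, which is worth adding for consistency with the first entry.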
@@ -301,8 +370,8 @@
 </a>
 </font>
 </td>
-<td align="right" bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica.sanserif">
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
 <strong>released 13 Jan 2011</strong>
 </font>
 </td>
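Review bot: The font tag on the right-hand header cell reads face="arial,helvetica.sanserif", with a period before sanserif, on both the removed and the added line, while the left-hand header cells use "arial,helvetica,sanserif". The same value appears in the new 6.0.32 header and in every other release header touched by this diff, so it is better corrected once in whatever template emits it than left to be carried forward by each regeneration.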
@@ -337,14 +406,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.28">
 <!--()-->
 </a>
@@ -353,8 +422,8 @@
 </a>
 </font>
 </td>
-<td align="right" bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica.sanserif">
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
 <strong>released 9 Jul 2010</strong>
 </font>
 </td>
@@ -426,14 +495,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.24">
 <!--()-->
 </a>
@@ -442,8 +511,8 @@
 </a>
 </font>
 </td>
-<td align="right" bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica.sanserif">
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
 <strong>released 21 Jan 2010</strong>
 </font>
 </td>
@@ -551,14 +620,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.20">
 <!--()-->
 </a>
@@ -567,8 +636,8 @@
 </a>
 </font>
 </td>
-<td align="right" bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica.sanserif">
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
 <strong>released 3 Jun 2009</strong>
 </font>
 </td>
@@ -698,14 +767,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.18">
 <!--()-->
 </a>
@@ -714,8 +783,8 @@
 </a>
 </font>
 </td>
-<td align="right" bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica.sanserif">
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
 <strong>released 31 Jul 2008</strong>
 </font>
 </td>
@@ -801,14 +870,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.16">
 <!--()-->
 </a>
@@ -817,8 +886,8 @@
 </a>
 </font>
 </td>
-<td align="right" bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica.sanserif">
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
 <strong>released 8 Feb 2008</strong>
 </font>
 </td>
@@ -898,14 +967,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.14">
 <!--()-->
 </a>
@@ -914,8 +983,8 @@
 </a>
 </font>
 </td>
-<td align="right" bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica.sanserif">
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
 <strong>released 13 Aug 2007</strong>
 </font>
 </td>
@@ -995,14 +1064,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.11">
 <!--()-->
 </a>
@@ -1011,8 +1080,8 @@
 </a>
 </font>
 </td>
-<td align="right" bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica.sanserif">
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
 <strong>not released</strong>
 </font>
 </td>
@@ -1058,14 +1127,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.10">
 <!--()-->
 </a>
@@ -1074,8 +1143,8 @@
 </a>
 </font>
 </td>
-<td align="right" bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica.sanserif">
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
 <strong>released 28 Feb 2007</strong>
 </font>
 </td>
@@ -1122,14 +1191,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.9">
 <!--()-->
 </a>
@@ -1138,8 +1207,8 @@
 </a>
 </font>
 </td>
-<td align="right" bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica.sanserif">
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
 <strong>released 8 Feb 2007</strong>
 </font>
 </td>
@@ -1166,14 +1235,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.6">
 <!--()-->
 </a>
@@ -1182,8 +1251,8 @@
 </a>
 </font>
 </td>
-<td align="right" bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica.sanserif">
+<td bgcolor="#525D76" align="right">
+<font face="arial,helvetica.sanserif" color="#ffffff">
 <strong>released 18 Dec 2006</strong>
 </font>
 </td>
@@ -1214,14 +1283,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Not a vulnerability in Tomcat">
 <!--()-->
 </a>
@@ -1313,7 +1382,7 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
@@ -1322,17 +1391,17 @@
 <!--FOOTER SEPARATOR-->
 <tr>
 <td colspan="2">
-<hr noshade="" size="1"/>
+<hr size="1" noshade="" />
 </td>
 </tr>
 <!--PAGE FOOTER-->
 <tr>
 <td colspan="2">
 <div align="center">
-<font color="#525D76" size="-1">
+<font size="-1" color="#525D76">
 <em>
         Copyright © 1999-2011, The Apache Software Foundation
-        <br/>
+        <br />
         Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
         project logo are trademarks of the Apache Software Foundation.
         </em>

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1067228&r1=1067227&r2=1067228&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Fri Feb  4 17:22:37 2011
@@ -30,6 +30,39 @@
 
   </section>
 
+  <section name="Fixed in Apache Tomcat 6.0.32" rtext="released 03 Feb 2011">
+      <p><strong>Important: Remote Denial Of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-XXXX">
+       CVE-2011-XXXX</a></p>
+
+    <p>A wrong logic in JVM could cause Double conversion to hang JVM when
+       accessing to a form based security constrained page.
+       That behaviour can be used for a denial of service attack using
+       a carefully crafted request.
+    </p>
+
+    <p>This was first reported to the Tomcat security team on 01 Feb 2011 and
+       made public on 31 Jan 2011.</p>
+    <p>Affects: 6.0.0-6.0.31</p>
+
+      <p><strong>Important: Remote Denial Of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534">
+       CVE-2011-0534</a></p>
+
+      <p>The NIO connector expands its buffer endlessly in request line.
+         That behaviour can be used for a denial of service attack using
+         a carefully crafted request.
+      </p>
+
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=1066313&amp;view=rev">
+       revision 1066313</a>.</p>
+
+    <p>Affects: 6.0.30</p>
+  
+
+  </section>
+
   <section name="Fixed in Apache Tomcat 6.0.30" rtext="released 13 Jan 2011">
   
       <p><strong>moderate: Cross-site scripting</strong>
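Review bot: The first entry in the new section links to cvename.cgi?name=CVE-2011-XXXX, a placeholder that will be published as a dead link; fill in the assigned identifier before the site is updated, or drop the anchor until one is assigned. That entry also has no "This was fixed in revision ..." line, unlike the CVE-2011-0534 entry below it, so readers cannot locate the change that addresses it. The sentence "A wrong logic in JVM could cause Double conversion to hang JVM when accessing to a form based security constrained page" would be clearer if reworded to say which component has the bug and which request triggers the hang.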


