Subject: svn commit: r1067228 - in /tomcat/site/trunk: docs/security-6.html xdocs/security-6.xml
Date: Fri, 04 Feb 2011 17:22:38 -0000
To: dev@tomcat.apache.org
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Reply-To: "Tomcat Developers List"
From: jfclere@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20110204172238.3203B238890B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: jfclere Date: Fri Feb 4 17:22:37 2011 New Revision: 1067228 URL: http://svn.apache.org/viewvc?rev=1067228&view=rev Log: Add text for the 2 security issues. Modified: tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/xdocs/security-6.xml Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1067228&r1=1067227&r2=1067228&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Fri Feb 4 17:22:37 2011 @@ -3,18 +3,18 @@ Apache Tomcat - Apache Tomcat 6 vulnerabilities - - - + + + - - + +
-Tomcat Logo +Tomcat Logo @@ -25,28 +25,28 @@ -Apache Logo +Apache Logo
- +
- -
-
+
+

Apache Tomcat

@@ -178,11 +178,11 @@
- +
+
- + @@ -201,6 +201,9 @@ Apache Tomcat 6.x vulnerabilities
  • +Fixed in Apache Tomcat 6.0.32 +
  • +
  • Fixed in Apache Tomcat 6.0.30
  • @@ -243,14 +246,14 @@
  • -
    +
    - +
    + +
    - + @@ -285,14 +288,80 @@
    -
    +
    +
    + + + + + + + + + +
    + + + + + +Fixed in Apache Tomcat 6.0.32 + + + + +released 03 Feb 2011 + +
    +

    +

    +

    +Important: Remote Denial Of Service + + CVE-2011-XXXX +

    + +

    A wrong logic in JVM could cause Double conversion to hang JVM when + accessing to a form based security constrained page. + That behaviour can be used for a denial of service attack using + a carefully crafted request. +

    + +

    This was first reported to the Tomcat security team on 02 Feb 2011 and + made public on 31 Jan 2011.

    +

    Affects: 6.0.0-6.0.31

    + +

    +Important: Remote Denial Of Service + + CVE-2011-0534 +

    + +

    The NIO connector expands its buffer endlessly in request line. + That behaviour can be used for a denial of service attack using + a carefully crafted request. +

    + +

    This was fixed in + + revision 1066313.

    + +

    Affects: 6.0.30

    + + +
    +

    +
    +
    - +
    - @@ -337,14 +406,14 @@
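Review bot: The generated HTML entry for the first new issue disagrees with the xdocs source in this same commit on the report date: docs/security-6.html says "first reported to the Tomcat security team on 02 Feb 2011" while xdocs/security-6.xml says "01 Feb 2011". Since docs/security-6.html is the build output of xdocs/security-6.xml, regenerate it from the corrected XML instead of editing both by hand, so the two cannot drift; that regeneration will also carry over the real identifier once the "CVE-2011-XXXX" placeholder is replaced. The rest of the hunk (the "Fixed in Apache Tomcat 6.0.32 released 03 Feb 2011" heading and the CVE-2011-0534 entry pointing at revision 1066313) matches the XML.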
    - + @@ -301,8 +370,8 @@ - + + released 13 Jan 2011
    -
    +
    - +
    - @@ -426,14 +495,14 @@
    - + @@ -353,8 +422,8 @@ - + + released 9 Jul 2010
    -
    +
    - +
    - @@ -551,14 +620,14 @@
    - + @@ -442,8 +511,8 @@ - + + released 21 Jan 2010
    -
    +
    - +
    - @@ -698,14 +767,14 @@
    - + @@ -567,8 +636,8 @@ - + + released 3 Jun 2009
    -
    +
    - +
    - @@ -801,14 +870,14 @@
    - + @@ -714,8 +783,8 @@ - + + released 31 Jul 2008
    -
    +
    - +
    - @@ -898,14 +967,14 @@
    - + @@ -817,8 +886,8 @@ - + + released 8 Feb 2008
    -
    +
    - +
    - @@ -995,14 +1064,14 @@
    - + @@ -914,8 +983,8 @@ - + + released 13 Aug 2007
    -
    +
    - +
    - @@ -1058,14 +1127,14 @@
    - + @@ -1011,8 +1080,8 @@ - + + not released
    -
    +
    - +
    - @@ -1122,14 +1191,14 @@
    - + @@ -1074,8 +1143,8 @@ - + + released 28 Feb 2007
    -
    +
    - +
    - @@ -1166,14 +1235,14 @@
    - + @@ -1138,8 +1207,8 @@ - + + released 8 Feb 2007
    -
    +
    - +
    - @@ -1214,14 +1283,14 @@
    - + @@ -1182,8 +1251,8 @@ - + + released 18 Dec 2006
    -
    +
    - +
    - + @@ -1313,7 +1382,7 @@
    -
    +
    @@ -1322,17 +1391,17 @@
    -
    +
    - + Copyright © 1999-2011, The Apache Software Foundation -
    +
    Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation.
    Modified: tomcat/site/trunk/xdocs/security-6.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1067228&r1=1067227&r2=1067228&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-6.xml (original) +++ tomcat/site/trunk/xdocs/security-6.xml Fri Feb 4 17:22:37 2011 @@ -30,6 +30,39 @@ +
    +

    Important: Remote Denial Of Service + + CVE-2011-XXXX

    + +

    A wrong logic in JVM could cause Double conversion to hang JVM when + accessing to a form based security constrained page. + That behaviour can be used for a denial of service attack using + a carefully crafted request. +

    + +

    This was first reported to the Tomcat security team on 01 Feb 2011 and + made public on 31 Jan 2011.

    +

    Affects: 6.0.0-6.0.31

    + +

    Important: Remote Denial Of Service + + CVE-2011-0534

    + +

    The NIO connector expands its buffer endlessly in request line. + That behaviour can be used for a denial of service attack using + a carefully crafted request. +

    + +

    This was fixed in + + revision 1066313.

    + +

    Affects: 6.0.30

    + + +
    +

moderate: Cross-site scripting
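Review bot: The first new entry carries a placeholder identifier ("CVE-2011-XXXX") and a timeline that reads backwards ("first reported to the Tomcat security team on 01 Feb 2011 and made public on 31 Jan 2011"), so as written the page says the issue was public before it was reported; the dates or the wording need fixing, and the placeholder needs the assigned CVE number, before this is published. That entry also lacks the "This was fixed in revision ..." line that the CVE-2011-0534 entry has, so a reader cannot tell which change in 6.0.32 addresses it. The description could be tightened without changing its claim, e.g. "A bug in the JVM's conversion of strings to double can hang the JVM when a form-based, security-constrained page is accessed; a carefully crafted request can use this for a denial of service." Likewise, in the second entry, "expands its buffer endlessly in request line" would read better as "grows its buffer without bound while reading the request line".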