tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1145952 [2/2] - in /tomcat/site/trunk: docs/ xdocs/
Date Wed, 13 Jul 2011 10:58:00 GMT
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=1145952&r1=1145951&r2=1145952&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Wed Jul 13 10:57:59 2011
@@ -32,8 +32,8 @@
 
   <section name="Will not be fixed in Apache Tomcat 4.1.x">
     <p><strong>moderate: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836">
-       CVE-2005-4836</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836"
+       rel="nofollow">CVE-2005-4836</a></p>
 
     <p>The deprecated HTTP/1.1 connector does not reject request URIs containing
        null bytes when used with contexts that are configured with
@@ -49,8 +49,8 @@
 
   <section name="Fixed in Apache Tomcat 4.1.40">
     <p><strong>Important: Information Disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515">
-       CVE-2008-5515</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515"
+       rel="nofollow">CVE-2008-5515</a></p>
 
     <p>When using a RequestDispatcher obtained from the Request, the target path
        was normalised before the query string was removed. A request that
@@ -67,8 +67,8 @@
     <p>Affects: 4.1.0-4.1.39</p>
 
     <p><strong>Important: Denial of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033">
-       CVE-2009-0033</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033"
+       rel="nofollow">CVE-2009-0033</a></p>
 
     <p>If Tomcat receives a request with invalid headers via the Java AJP
        connector, it does not return an error and instead closes the AJP
@@ -84,8 +84,8 @@
     <p>Affects: 4.1.0-4.1.39</p>
  
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580">
-       CVE-2009-0580</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580"
+       rel="nofollow">CVE-2009-0580</a></p>
 
     <p>Due to insufficient error checking in some authentication classes, Tomcat
        allows for the enumeration (brute force testing) of user names by
@@ -102,8 +102,8 @@
                 4.1.17-4.1.31 (DataSource Realm)</p>
        
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781">
-       CVE-2009-0781</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781"
+       rel="nofollow">CVE-2009-0781</a></p>
 
     <p>The calendar application in the examples web application contains an
        XSS flaw due to invalid HTML which renders the XSS filtering protection
@@ -116,8 +116,8 @@
     <p>Affects: 4.1.0-4.1.39</p>
 
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783">
-       CVE-2009-0783</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783"
+       rel="nofollow">CVE-2009-0783</a></p>
 
     <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">
        29936</a> and
@@ -139,8 +139,8 @@
   <section name="Fixed in Apache Tomcat 4.1.39">
 
     <p><strong>moderate: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128">
-       CVE-2008-0128</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128"
+       rel="nofollow">CVE-2008-0128</a></p>
 
     <p>When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is
        transmitted without the "secure" attribute, resulting in it being
@@ -154,8 +154,8 @@
     <p>Affects: 4.1.0-4.1.37</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232">
-       CVE-2008-1232</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232"
+       rel="nofollow">CVE-2008-1232</a></p>
 
     <p>The message argument of HttpServletResponse.sendError() call is not only
        displayed on the error page, but is also used for the reason-phrase of
@@ -172,8 +172,8 @@
     <p>Affects: 4.1.0-4.1.37</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370">
-       CVE-2008-2370</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370"
+       rel="nofollow">CVE-2008-2370</a></p>
 
     <p>When using a RequestDispatcher the target path was normalised before the 
        query string was removed. A request that included a specially crafted 
@@ -191,8 +191,8 @@
 
   <section name="Fixed in Apache Tomcat 4.1.37">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164">
-       CVE-2005-3164</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164"
+       rel="nofollow">CVE-2005-3164</a></p>
 
     <p>If a client specifies a Content-Length but disconnects before sending
        any of the request body, the deprecated AJP connector processes the
@@ -203,8 +203,8 @@
     <p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
 
     <p><strong>moderate: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355">
-       CVE-2007-1355</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355"
+       rel="nofollow">CVE-2007-1355</a></p>
 
     <p>The JSP and Servlet included in the sample application within the Tomcat
        documentation webapp did not escape user provided data before including
@@ -214,8 +214,8 @@
     <p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449">
-       CVE-2007-2449</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449"
+       rel="nofollow">CVE-2007-2449</a></p>
 
     <p>JSPs within the examples web application did not escape user provided
        data before including it in the output. This enabled a XSS attack. These
@@ -228,8 +228,8 @@
     <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.36</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450">
-       CVE-2007-2450</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450"
+       rel="nofollow">CVE-2007-2450</a></p>
 
     <p>The Manager web application did not escape user provided data before
        including it in the output. This enabled a XSS attack. This application
@@ -240,8 +240,8 @@
     <p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
 
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382">
-       CVE-2007-3382</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382"
+       rel="nofollow">CVE-2007-3382</a></p>
 
     <p>Tomcat incorrectly treated a single quote character (') in a cookie
        value as a delimiter. In some circumstances this lead to the leaking of
@@ -250,8 +250,8 @@
     <p>Affects: 4.1.0-4.1.36</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3383">
-       CVE-2007-3383</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3383"
+       rel="nofollow">CVE-2007-3383</a></p>
 
     <p>When reporting error messages, the SendMailServlet (part of the examples
        web application) did not escape user provided data before including it in
@@ -264,8 +264,8 @@
     <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.36</p>
 
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
-       CVE-2007-3385</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385"
+       rel="nofollow">CVE-2007-3385</a></p>
 
     <p>Tomcat incorrectly handled the character sequence \" in a cookie value.
        In some circumstances this lead to the leaking of information such as
@@ -274,19 +274,19 @@
     <p>Affects: 4.1.0-4.1.36</p>
 
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333">
-       CVE-2007-5333</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333"
+       rel="nofollow">CVE-2007-5333</a></p>
 
     <p>The previous fix for
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
-       CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
-       or %5C within a cookie value.</p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385"
+       rel="nofollow">CVE-2007-3385</a> was incomplete. It did not consider the
+       use of quotes or %5C within a cookie value.</p>
 
     <p>Affects: 4.1.0-4.1.36</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
-       CVE-2007-5461</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461"
+       rel="nofollow">CVE-2007-5461</a></p>
 
     <p>When Tomcat's WebDAV servlet is configured for use with a context and
        has been enabled for write, some WebDAV requests that specify an entity
@@ -299,8 +299,8 @@
 
   <section name="Fixed in Apache Tomcat 4.1.36">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090">
-       CVE-2005-2090</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090"
+       rel="nofollow">CVE-2005-2090</a></p>
 
     <p>Requests with multiple content-length headers should be rejected as
        invalid. When multiple components (firewalls, caches, proxies and Tomcat)
@@ -316,44 +316,47 @@
     <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.34</p>
 
     <p><strong>important: Directory traversal</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
-       CVE-2007-0450</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450"
+       rel="nofollow">CVE-2007-0450</a></p>
 
     <p>The fix for this issue was insufficient. A fix was also required in the
        JK connector module for httpd. See 
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860">
-       CVE-2007-1860</a> for further information.</p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860"
+       rel="nofollow">CVE-2007-1860</a> for further information.</p>
 
-    <p>Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used 
-       behind a proxy (including, but not limited to, Apache HTTP server with 
-       mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP request 
-       containing strings like "/\../" may allow attackers to work around the context 
-       restriction of the proxy, and access the non-proxied contexts.
+    <p>Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is
+       used behind a proxy (including, but not limited to, Apache HTTP server
+       with mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP
+       request containing strings like "/\../" may allow attackers to work
+       around the context restriction of the proxy, and access the non-proxied
+       contexts.
     </p>
 
     <p>The following Java system properties have been added to Tomcat to provide 
-       additional control of the handling of path delimiters in URLs (both options 
-       default to false):
+       additional control of the handling of path delimiters in URLs (both
+       options default to false):
        <ul>
          <li>
-           <code>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</code>: <code>true|false</code>
+           <code>org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH</code>:
+           <code>true|false</code>
          </li>
          <li>
-           <code>org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH</code>: <code>true|false</code>
+           <code>org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH</code>:
+           <code>true|false</code>
          </li>
        </ul>
     </p>
 
-    <p>Due to the impossibility to guarantee that all URLs are handled by Tomcat as 
-       they are in proxy servers, Tomcat should always be secured as if no proxy 
-       restricting context access was used.
+    <p>Due to the impossibility to guarantee that all URLs are handled by Tomcat
+       as they are in proxy servers, Tomcat should always be secured as if no
+       proxy restricting context access was used.
     </p>
 
     <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.34</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358">
-       CVE-2007-1358</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358"
+       rel="nofollow">CVE-2007-1358</a></p>
 
     <p>Web pages that display the Accept-Language header value sent by the
        client are susceptible to a cross-site scripting attack if they assume
@@ -370,8 +373,8 @@
   <section name="Fixed in Apache Tomcat 4.1.35">
 
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308">
-       CVE-2008-4308</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308"
+       rel="nofollow">CVE-2008-4308</a></p>
 
     <p><a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=40771">Bug
     40771</a> may result in the disclosure of POSTed content from a previous
@@ -386,8 +389,8 @@
   <section name="Fixed in Apache Tomcat 4.1.32">
 
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271">
-       CVE-2008-3271</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271"
+       rel="nofollow">CVE-2008-3271</a></p>
 
     <p><a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=25835">
     Bug 25835</a> can, in rare circumstances - this has only been reproduced
@@ -399,8 +402,8 @@
     <p>Affects: 4.1.0-4.1.31</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858">
-       CVE-2007-1858</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858"
+       rel="nofollow">CVE-2007-1858</a></p>
 
     <p>The default SSL configuration permitted the use of insecure cipher suites
        including the anonymous cipher suite. The default configuration no
@@ -409,8 +412,8 @@
     <p>Affects: 4.1.28-4.1.31</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196">
-       CVE-2006-7196</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196"
+       rel="nofollow">CVE-2006-7196</a></p>
 
     <p>The calendar application included as part of the JSP examples is
        susceptible to a cross-site scripting attack as it does not escape
@@ -419,8 +422,8 @@
     <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
 
     <p><strong>low: Directory listing</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835">
-       CVE-2006-3835</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835"
+       rel="nofollow">CVE-2006-3835</a></p>
 
     <p>This is expected behaviour when directory listings are enabled. The
        semicolon (;) is the separator for path parameters so inserting one
@@ -432,8 +435,8 @@
     <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838">
-       CVE-2005-4838</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838"
+       rel="nofollow">CVE-2005-4838</a></p>
 
     <p>Various JSPs included as part of the JSP examples and the Tomcat Manager
        are susceptible to a cross-site scripting attack as they do not escape
@@ -442,8 +445,8 @@
     <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.31</p>
 
     <p><strong>important: Denial of service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510">
-       CVE-2005-3510</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510"
+       rel="nofollow">CVE-2005-3510</a></p>
 
     <p>The root cause is the relatively expensive calls required to generate
        the content for the directory listings. If directory listings are
@@ -459,8 +462,8 @@
 
   <section name="Fixed in Apache Tomcat 4.1.29">
     <p><strong>moderate: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1567">
-       CVE-2002-1567</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1567"
+       rel="nofollow">CVE-2002-1567</a></p>
 
     <p>The unmodified requested URL is included in the 404 response header. The
        new lines in this URL appear to the client to be the end of the header
@@ -474,22 +477,22 @@
 
   <section name="Fixed in Apache Tomcat 4.1.13, 4.0.6">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1394">
-       CVE-2002-1394</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1394"
+       rel="nofollow">CVE-2002-1394</a></p>
 
     <p>A specially crafted URL using the invoker servlet in conjunction with the
        default servlet can enable an attacker to obtain the source of JSP pages
        or, under special circumstances, a static resource that would otherwise
        have been protected by a security constraint without the need to be
        properly authenticated. This is a variation of
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1148">
-       CVE-2002-1148</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1148"
+       rel="nofollow">CVE-2002-1148</a></p>
 
     <p>Affects: 4.0.0-4.0.5, 4.1.0-4.1.12</p>
 
     <p><strong>moderate: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0682">
-       CVE-2002-0682</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0682"
+       rel="nofollow">CVE-2002-0682</a></p>
 
     <p>A specially crafted URL using the invoker servlet and various internal
        classess causes Tomcat to throw an exception that includes unescaped
@@ -500,8 +503,8 @@
 
   <section name="Fixed in Apache Tomcat 4.1.12, 4.0.5">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1148">
-       CVE-2002-1148</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1148"
+       rel="nofollow">CVE-2002-1148</a></p>
 
     <p>A specially crafted URL using the default servlet can enable an attacker
        to obtain the source of JSP pages.</p>
@@ -511,8 +514,8 @@
 
   <section name="Fixed in Apache Tomcat 4.1.3">
     <p><strong>important: Denial of service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935">
-       CVE-2002-0935</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935"
+       rel="nofollow">CVE-2002-0935</a></p>
 
     <p>A malformed HTTP request can cause the request processing thread to
        become unresponsive. A sequence of such requests will cause all request
@@ -524,8 +527,8 @@
 
   <section name="Fixed in Apache Tomcat 4.1.0">
     <p><strong>important: Denial of service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0866">
-       CVE-2003-0866</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0866"
+       rel="nofollow">CVE-2003-0866</a></p>
 
     <p>A malformed HTTP request can cause the request processing thread to
        become unresponsive. A sequence of such requests will cause all request
@@ -534,8 +537,8 @@
     <p>Affects: 4.0.0-4.0.6</p>
 
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006">
-       CVE-2002-2006</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006"
+       rel="nofollow">CVE-2002-2006</a></p>
 
     <p>The snoop and trouble shooting servlets installed as part of the examples
        include output that identifies the Tomcat installation path.</p>
@@ -546,10 +549,10 @@
 
   <section name="Fixed in Apache Tomcat 4.0.2">
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2009">
-       CVE-2002-2009</a>,
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0917">
-       CVE-2001-0917</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2009"
+       rel="nofollow">CVE-2002-2009</a>,
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0917"
+       rel="nofollow">CVE-2001-0917</a></p>
 
     <p>Requests for JSP files where the file name is preceded by '+/', '&gt;/',
        '&lt;/' or '%20/' or a request for a JSP with a long file name would
@@ -561,8 +564,8 @@
 
   <section name="Fixed in Apache Tomcat 4.0.0">
     <p><strong>moderate: Security manager bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0493">
-       CVE-2002-0493</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0493"
+       rel="nofollow">CVE-2002-0493</a></p>
 
     <p>If errors are encountered during the parsing of web.xml and Tomcat is
        configured to use a security manager it is possible for Tomcat to start
@@ -573,10 +576,10 @@
 
   <section name="Unverified">
     <p><strong>low: Installation path disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4703">
-       CVE-2005-4703</a>, 
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2008">
-       CVE-2002-2008</a><br/></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4703"
+       rel="nofollow">CVE-2005-4703</a>, 
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2008"
+       rel="nofollow">CVE-2002-2008</a><br/></p>
 
     <p>This issue only affects Windows operating systems. It can not be
        reproduced on Windows XP Home with JDKs 1.3.1, 1.4.2, 1.5.0 or 1.6.0.
@@ -588,8 +591,8 @@
     <p>Affects: 4.0.3?</p>
 
     <p><strong>important: Denial of service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1895">
-       CVE-2002-1895</a><br/></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1895"
+       rel="nofollow">CVE-2002-1895</a><br/></p>
 
     <p>This issue only affects configurations that use IIS in conjunction with
        Tomcat and the AJP1.3 connector. It can not be reproduced using Windows
@@ -602,8 +605,8 @@
 
   <section name="Not a vulnerability in Tomcat">
     <p><strong>Denial of service vulnerability</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0936">
-       CVE-2002-0936</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0936"
+       rel="nofollow">CVE-2002-0936</a></p>
 
     <p>The issue described requires an attacker to be able to plant a JSP page
        on the Tomcat server. If an attacker can do this then the server is
@@ -612,8 +615,8 @@
        internal Sun class.</p>
 
     <p><strong>important: Directory traversal</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938">
-       CVE-2008-2938</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938"
+       rel="nofollow">CVE-2008-2938</a></p>
 
     <p>Originally reported as a Tomcat vulnerability the root cause of this
        issue is that the JVM does not correctly decode UTF-8 encoded URLs to

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1145952&r1=1145951&r2=1145952&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Wed Jul 13 10:57:59 2011
@@ -49,8 +49,8 @@
   <section name="Fixed in Apache Tomcat 5.5.34 (not yet released)">
 
     <p><strong>Low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204">
-       CVE-2011-2204</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204"
+       rel="nofollow">CVE-2011-2204</a></p>
 
     <p>When using the MemoryUserDatabase (based on tomcat-users.xml) and
        creating users via JMX, an exception during the user creation process may
@@ -75,8 +75,8 @@
   <section name="Fixed in Apache Tomcat 5.5.32" rtext="released 1 Feb 2011">
   
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013">
-       CVE-2011-0013</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013"
+       rel="nofollow">CVE-2011-0013</a></p>
 
     <p>The HTML Manager interface displayed web application provided data, such
        as display names, without filtering. A malicious web application could
@@ -97,8 +97,8 @@
   <section name="Fixed in Apache Tomcat 5.5.30" rtext="released 9 Jul 2010">
   
     <p><strong>low: SecurityManager file permission bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718">
-       CVE-2010-3718</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718"
+       rel="nofollow">CVE-2010-3718</a></p>
 
     <p>When running under a SecurityManager, access to the file system is
        limited but web applications are granted read/write permissions to the
@@ -125,8 +125,8 @@
     
     <p><strong>Important: Remote Denial Of Service and Information Disclosure
        Vulnerability</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227">
-       CVE-2010-2227</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227"
+       rel="nofollow">CVE-2010-2227</a></p>
 
     <p>Several flaws in the handling of the 'Transfer-Encoding' header were
        found that prevented the recycling of a buffer. A remote attacker could
@@ -145,8 +145,8 @@
     <p>Affects: 5.5.0-5.5.29</p>
 
     <p><strong>Low: Information disclosure in authentication headers</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157">
-       CVE-2010-1157</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157"
+       rel="nofollow">CVE-2010-1157</a></p>
 
     <p>The <code>WWW-Authenticate</code> HTTP header for BASIC and DIGEST
        authentication includes a realm name. If a
@@ -172,8 +172,8 @@
   <section name="Fixed in Apache Tomcat 5.5.29" rtext="released 20 Apr 2010">
   
     <p><strong>Low: Arbitrary file deletion and/or alteration on deploy</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693">
-       CVE-2009-2693</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693"
+       rel="nofollow">CVE-2009-2693</a></p>
 
     <p>When deploying WAR files, the WAR files were not checked for directory
        traversal attempts. This allows an attacker to create arbitrary content
@@ -190,8 +190,8 @@
     <p>Affects: 5.5.0-5.5.28</p>
 
     <p><strong>Low: Insecure partial deploy after failed undeploy</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901">
-       CVE-2009-2901</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901"
+       rel="nofollow">CVE-2009-2901</a></p>
 
     <p>By default, Tomcat automatically deploys any directories placed in a
        host's appBase. This behaviour is controlled by the autoDeploy attribute
@@ -212,8 +212,8 @@
     <p>Affects: 5.5.0-5.5.28 (Windows only)</p>
     
     <p><strong>Low: Unexpected file deletion in work directory</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902">
-       CVE-2009-2902</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902"
+       rel="nofollow">CVE-2009-2902</a></p>
 
     <p>When deploying WAR files, the WAR file names were not checked for
        directory traversal attempts. For example, deploying and undeploying
@@ -231,8 +231,8 @@
     <p>Affects: 5.5.0-5.5.28</p>
 
     <p><strong>Low: Insecure default password</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548">
-       CVE-2009-3548</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548"
+       rel="nofollow">CVE-2009-3548</a></p>
 
     <p>The Windows installer defaults to a blank password for the administrative
        user. If this is not changed during the install process, then by default
@@ -251,8 +251,8 @@
 
   <section name="Fixed in Apache Tomcat 5.5.28" rtext="released 4 Sep 2009">
     <p><strong>Important: Information Disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515">
-       CVE-2008-5515</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515"
+       rel="nofollow">CVE-2008-5515</a></p>
 
     <p>When using a RequestDispatcher obtained from the Request, the target path
        was normalised before the query string was removed. A request that
@@ -272,8 +272,8 @@
     <p>Affects: 5.5.0-5.5.27</p>
 
     <p><strong>Important: Denial of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033">
-       CVE-2009-0033</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033"
+       rel="nofollow">CVE-2009-0033</a></p>
 
     <p>If Tomcat receives a request with invalid headers via the Java AJP
        connector, it does not return an error and instead closes the AJP
@@ -292,8 +292,8 @@
     <p>Affects: 5.5.0-5.5.27</p>
  
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580">
-       CVE-2009-0580</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580"
+       rel="nofollow">CVE-2009-0580</a></p>
 
     <p>Due to insufficient error checking in some authentication classes, Tomcat
        allows for the enumeration (brute force testing) of user names by
@@ -313,8 +313,8 @@
        Realms)</p>
        
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781">
-       CVE-2009-0781</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781"
+       rel="nofollow">CVE-2009-0781</a></p>
 
     <p>The calendar application in the examples web application contains an
        XSS flaw due to invalid HTML which renders the XSS filtering protection
@@ -330,8 +330,8 @@
     <p>Affects: 5.5.0-5.5.27</p>
 
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783">
-       CVE-2009-0783</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783"
+       rel="nofollow">CVE-2009-0783</a></p>
 
     <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">
        29936</a> and
@@ -357,8 +357,8 @@
   
   <section name="Fixed in Apache Tomcat 5.5.27" rtext="released 8 Sep 2008">
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232">
-       CVE-2008-1232</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232"
+       rel="nofollow">CVE-2008-1232</a></p>
 
     <p>The message argument of HttpServletResponse.sendError() call is not only
        displayed on the error page, but is also used for the reason-phrase of
@@ -378,8 +378,8 @@
     <p>Affects: 5.5.0-5.5.26</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947">
-       CVE-2008-1947</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947"
+       rel="nofollow">CVE-2008-1947</a></p>
 
     <p>The Host Manager web application did not escape user provided data before
        including it in the output. This enabled a XSS attack. This application
@@ -397,8 +397,8 @@
     <p>Affects: 5.5.9-5.5.26</p>
     
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370">
-       CVE-2008-2370</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370"
+       rel="nofollow">CVE-2008-2370</a></p>
 
     <p>When using a RequestDispatcher the target path was normalised before the 
        query string was removed. A request that included a specially crafted 
@@ -419,19 +419,19 @@
 
   <section name="Fixed in Apache Tomcat 5.5.26" rtext="released 5 Feb 2008">
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333">
-       CVE-2007-5333</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333"
+       rel="nofollow">CVE-2007-5333</a></p>
 
     <p>The previous fix for
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
-       CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385"
+       rel="nofollow">CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
        or %5C within a cookie value.</p>
 
     <p>Affects: 5.5.0-5.5.25</p>
 
     <p><strong>low: Elevated privileges</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342">
-       CVE-2007-5342</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342"
+       rel="nofollow">CVE-2007-5342</a></p>
 
     <p>The JULI logging component allows web applications to provide their own
        logging configurations. The default security policy does not restrict
@@ -442,8 +442,8 @@
     <p>Affects: 5.5.9-5.5.25</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
-       CVE-2007-5461</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461"
+       rel="nofollow">CVE-2007-5461</a></p>
 
     <p>When Tomcat's WebDAV servlet is configured for use with a context and
        has been enabled for write, some WebDAV requests that specify an entity
@@ -453,8 +453,8 @@
     <p>Affects: 5.5.0-5.5.25</p>
 
     <p><strong>important: Data integrity</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286">
-       CVE-2007-6286</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286"
+       rel="nofollow">CVE-2007-6286</a></p>
 
     <p>When using the native (APR based) connector, connecting to the SSL port
        using netcat and then disconnecting without sending any data will cause
@@ -466,8 +466,8 @@
   <section name="Fixed in Apache Tomcat 5.5.25, 5.0.SVN"
           rtext="released 8 Sep 2007">
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449">
-       CVE-2007-2449</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449"
+       rel="nofollow">CVE-2007-2449</a></p>
 
     <p>JSPs within the examples web application did not escape user provided
        data before including it in the output. This enabled a XSS attack. These
@@ -480,8 +480,8 @@
     <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450">
-       CVE-2007-2450</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450"
+       rel="nofollow">CVE-2007-2450</a></p>
 
     <p>The Manager and Host Manager web applications did not escape user
        provided data before including it in the output. This enabled a XSS
@@ -492,8 +492,8 @@
     <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
 
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382">
-       CVE-2007-3382</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382"
+       rel="nofollow">CVE-2007-3382</a></p>
 
     <p>Tomcat incorrectly treated a single quote character (') in a cookie
        value as a delimiter. In some circumstances this lead to the leaking of
@@ -502,8 +502,8 @@
     <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
 
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
-       CVE-2007-3385</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385"
+       rel="nofollow">CVE-2007-3385</a></p>
 
     <p>Tomcat incorrectly handled the character sequence \" in a cookie value.
        In some circumstances this lead to the leaking of information such as
@@ -512,8 +512,8 @@
     <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386">
-       CVE-2007-3386</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386"
+       rel="nofollow">CVE-2007-3386</a></p>
 
     <p>The Host Manager Servlet did not filter user supplied data before
        display. This enabled an XSS attack.</p>
@@ -524,8 +524,8 @@
 
   <section name="Fixed in Apache Tomcat 5.5.24, 5.0.SVN" rtext="Not released">
     <p><strong>moderate: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355">
-       CVE-2007-1355</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355"
+       rel="nofollow">CVE-2007-1355</a></p>
 
     <p>The JSP and Servlet included in the sample application within the Tomcat
        documentation webapp did not escape user provided data before including
@@ -539,8 +539,8 @@
   <section name="Fixed in Apache Tomcat 5.5.23, 5.0.SVN"
           rtext="released 9 Mar 2007">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090">
-       CVE-2005-2090</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090"
+       rel="nofollow">CVE-2005-2090</a></p>
 
     <p>Requests with multiple content-length headers should be rejected as
        invalid. When multiple components (firewalls, caches, proxies and Tomcat)
@@ -558,13 +558,13 @@
 
   <section name="Fixed in Apache Tomcat 5.5.22, 5.0.SVN" rtext="not released">
     <p><strong>important: Directory traversal</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
-       CVE-2007-0450</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450"
+       rel="nofollow">CVE-2007-0450</a></p>
 
     <p>The fix for this issue was insufficient. A fix was also required in the
        JK connector module for httpd. See 
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860">
-       CVE-2007-1860</a> for further information.</p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860"
+       rel="nofollow">CVE-2007-1860</a> for further information.</p>
 
     <p>Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used 
        behind a proxy (including, but not limited to, Apache HTTP server with 
@@ -596,8 +596,8 @@
 
   <section name="Fixed in Apache Tomcat 5.5.21, 5.0.SVN" rtext="not released">
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358">
-       CVE-2007-1358</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358"
+       rel="nofollow">CVE-2007-1358</a></p>
 
     <p>Web pages that display the Accept-Language header value sent by the
        client are susceptible to a cross-site scripting attack if they assume
@@ -613,8 +613,8 @@
 
   <section name="Fixed in Apache Tomcat 5.5.21" rtext="not released">
     <p><strong>moderate: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128">
-       CVE-2008-0128</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128"
+       rel="nofollow">CVE-2008-0128</a></p>
 
     <p>When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is
        transmitted without the "secure" attribute, resulting in it being
@@ -624,8 +624,8 @@
     <p>Affects: 5.0.0-5.0.SVN, 5.5.0-5.5.20</p>
 
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308">
-       CVE-2008-4308</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308"
+       rel="nofollow">CVE-2008-4308</a></p>
 
     <p><a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=40771">Bug
     40771</a> may result in the disclosure of POSTed content from a previous
@@ -639,8 +639,8 @@
 
   <section name="Fixed in Apache Tomcat 5.5.18, 5.0.SVN" rtext="not released">
     <p><strong>moderate: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195">
-       CVE-2006-7195</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195"
+       rel="nofollow">CVE-2006-7195</a></p>
 
     <p>The implicit-objects.jsp in the examples webapp displayed a number of
        unfiltered header values. This enabled a XSS attack. These values are now
@@ -652,8 +652,8 @@
   <section name="Fixed in Apache Tomcat 5.5.17, 5.0.SVN"
           rtext="released 27 Apr 2006">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858">
-       CVE-2007-1858</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858"
+       rel="nofollow">CVE-2007-1858</a></p>
 
     <p>The default SSL configuration permitted the use of insecure cipher suites
        including the anonymous cipher suite. The default configuration no
@@ -665,8 +665,8 @@
   <section name="Fixed in Apache Tomcat 5.5.16, 5.0.SVN"
           rtext="released 15 Mar 2006">
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196">
-       CVE-2006-7196</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196"
+       rel="nofollow">CVE-2006-7196</a></p>
 
     <p>The calendar application included as part of the JSP examples is
        susceptible to a cross-site scripting attack as it does not escape
@@ -678,8 +678,8 @@
 
   <section name="Fixed in Apache Tomcat 5.5.13, 5.0.SVN">
     <p><strong>low: Directory listing</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835">
-       CVE-2006-3835</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835"
+       rel="nofollow">CVE-2006-3835</a></p>
 
     <p>This is expected behaviour when directory listings are enabled. The
        semicolon (;) is the separator for path parameters so inserting one
@@ -691,8 +691,8 @@
     <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.12</p>
 
     <p><strong>important: Denial of service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510">
-       CVE-2005-3510</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510"
+       rel="nofollow">CVE-2005-3510</a></p>
 
     <p>The root cause is the relatively expensive calls required to generate
        the content for the directory listings. If directory listings are
@@ -708,8 +708,8 @@
 
   <section name="Fixed in Apache Tomcat 5.5.7, 5.0.SVN">
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838">
-       CVE-2005-4838</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4838"
+       rel="nofollow">CVE-2005-4838</a></p>
 
     <p>Various JSPs included as part of the JSP examples and the Tomcat Manager
        are susceptible to a cross-site scripting attack as they do not escape
@@ -720,8 +720,8 @@
 
   <section name="Fixed in Apache Tomcat 5.5.1">
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271">
-       CVE-2008-3271</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271"
+       rel="nofollow">CVE-2008-3271</a></p>
 
     <p><a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=25835">
     Bug 25835</a> can, in rare circumstances - this has only been reproduced
@@ -736,8 +736,8 @@
   <section name="Not a vulnerability in Tomcat">
 
     <p><strong>Important: Remote Denial Of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476">
-       CVE-2010-4476</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476"
+       rel="nofollow">CVE-2010-4476</a></p>
 
     <p>A JVM bug could cause Double conversion to hang JVM when accessing to a
        form based security constrained page or any page that calls
@@ -756,8 +756,8 @@
     <p>Affects: 5.5.0-5.5.32</p>
 
     <p><strong>moderate: TLS SSL Man In The Middle</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">
-       CVE-2009-3555</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"
+       rel="nofollow">CVE-2009-3555</a></p>
 
     <p>A vulnerability exists in the TLS protocol that allows an attacker to
        inject arbitrary requests into an TLS stream during renegotiation.</p>
@@ -790,20 +790,20 @@
        attribute. This work around will be included in Tomcat 5.5.29 onwards.</p>
 
     <p><strong>JavaMail information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754">
-       CVE-2005-1754</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754"
+       rel="nofollow">CVE-2005-1754</a></p>
     <p>The vulnerability described is in the web application deployed on Tomcat
        rather than in Tomcat.</p>
 
     <p><strong>JavaMail information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1753">
-       CVE-2005-1753</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1753"
+       rel="nofollow">CVE-2005-1753</a></p>
     <p>The vulnerability described is in the web application deployed on Tomcat
        rather than in Tomcat.</p>
 
     <p><strong>important: Directory traversal</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938">
-       CVE-2008-2938</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938"
+       rel="nofollow">CVE-2008-2938</a></p>
 
     <p>Originally reported as a Tomcat vulnerability the root cause of this
        issue is that the JVM does not correctly decode UTF-8 encoded URLs to

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1145952&r1=1145951&r2=1145952&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Wed Jul 13 10:57:59 2011
@@ -33,8 +33,8 @@
   <section name="Fixed in Apache Tomcat 6.0.33 (not yet released)">
 
     <p><strong>Low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204">
-       CVE-2011-2204</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204"
+       rel="nofollow">CVE-2011-2204</a></p>
 
     <p>When using the MemoryUserDatabase (based on tomcat-users.xml) and
        creating users via JMX, an exception during the user creation process may
@@ -65,8 +65,8 @@
        affected versions.</i></p>
 
     <p><strong>Important: Remote Denial Of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534">
-       CVE-2011-0534</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534"
+       rel="nofollow">CVE-2011-0534</a></p>
 
     <p>The NIO connector expands its buffer endlessly during request line
        processing. That behaviour can be used for a denial of service attack
@@ -86,8 +86,8 @@
   <section name="Fixed in Apache Tomcat 6.0.30" rtext="released 13 Jan 2011">
   
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013">
-       CVE-2011-0013</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013"
+       rel="nofollow">CVE-2011-0013</a></p>
 
     <p>The HTML Manager interface displayed web application provided data, such
        as display names, without filtering. A malicious web application could
@@ -104,8 +104,8 @@
     <p>Affects: 6.0.0-6.0.29</p>
 
     <p><strong>moderate: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172">
-       CVE-2010-4172</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172"
+       rel="nofollow">CVE-2010-4172</a></p>
 
     <p>The Manager application used the user provided parameters sort and
        orderBy directly without filtering thereby permitting cross-site
@@ -121,8 +121,8 @@
     <p>Affects: 6.0.12-6.0.29</p>
 
     <p><strong>low: SecurityManager file permission bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718">
-       CVE-2010-3718</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718"
+       rel="nofollow">CVE-2010-3718</a></p>
 
     <p>When running under a SecurityManager, access to the file system is
        limited but web applications are granted read/write permissions to the
@@ -153,8 +153,8 @@
   
     <p><strong>Important: Remote Denial Of Service and Information Disclosure
        Vulnerability</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227">
-       CVE-2010-2227</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227"
+       rel="nofollow">CVE-2010-2227</a></p>
 
     <p>Several flaws in the handling of the 'Transfer-Encoding' header were
        found that prevented the recycling of a buffer. A remote attacker could
@@ -179,8 +179,8 @@
        affected versions.</i></p>
          
     <p><strong>Low: Information disclosure in authentication headers</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157">
-       CVE-2010-1157</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157"
+       rel="nofollow">CVE-2010-1157</a></p>
 
     <p>The <code>WWW-Authenticate</code> HTTP header for BASIC and DIGEST
        authentication includes a realm name. If a
@@ -211,8 +211,8 @@
          are not included in the list of affected versions.</i></p>
        
     <p><strong>Low: Arbitrary file deletion and/or alteration on deploy</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693">
-       CVE-2009-2693</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693"
+       rel="nofollow">CVE-2009-2693</a></p>
 
     <p>When deploying WAR files, the WAR files were not checked for directory
        traversal attempts. This allows an attacker to create arbitrary content
@@ -229,8 +229,8 @@
     <p>Affects: 6.0.0-6.0.20</p>
 
     <p><strong>Low: Insecure partial deploy after failed undeploy</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901">
-       CVE-2009-2901</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901"
+       rel="nofollow">CVE-2009-2901</a></p>
 
     <p>By default, Tomcat automatically deploys any directories placed in a
        host's appBase. This behaviour is controlled by the autoDeploy attribute
@@ -251,8 +251,8 @@
     <p>Affects: 6.0.0-6.0.20 (Windows only)</p>
     
     <p><strong>Low: Unexpected file deletion in work directory</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902">
-       CVE-2009-2902</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902"
+       rel="nofollow">CVE-2009-2902</a></p>
 
     <p>When deploying WAR files, the WAR file names were not checked for
        directory traversal attempts. For example, deploying and undeploying
@@ -270,8 +270,8 @@
     <p>Affects: 6.0.0-6.0.20</p>
     
     <p><strong>Low: Insecure default password</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548">
-       CVE-2009-3548</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548"
+       rel="nofollow">CVE-2009-3548</a></p>
 
     <p>The Windows installer defaults to a blank password for the administrative
        user. If this is not changed during the install process, then by default
@@ -296,8 +296,8 @@
        issues, 6.0.19 is not included in the list of affected versions.</i></p>
 
     <p><strong>Important: Information Disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515">
-       CVE-2008-5515</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515"
+       rel="nofollow">CVE-2008-5515</a></p>
 
     <p>When using a RequestDispatcher obtained from the Request, the target path
        was normalised before the query string was removed. A request that
@@ -315,8 +315,8 @@
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p><strong>Important: Denial of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033">
-       CVE-2009-0033</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033"
+       rel="nofollow">CVE-2009-0033</a></p>
 
     <p>If Tomcat receives a request with invalid headers via the Java AJP
        connector, it does not return an error and instead closes the AJP
@@ -335,8 +335,8 @@
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580">
-       CVE-2009-0580</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580"
+       rel="nofollow">CVE-2009-0580</a></p>
 
     <p>Due to insufficient error checking in some authentication classes, Tomcat
        allows for the enumeration (brute force testing) of user names by
@@ -353,8 +353,8 @@
     <p>Affects: 6.0.0-6.0.18</p>
        
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781">
-       CVE-2009-0781</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781"
+       rel="nofollow">CVE-2009-0781</a></p>
 
     <p>The calendar application in the examples web application contains an
        XSS flaw due to invalid HTML which renders the XSS filtering protection
@@ -370,8 +370,8 @@
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p><strong>low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783">
-       CVE-2009-0783</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783"
+       rel="nofollow">CVE-2009-0783</a></p>
 
     <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">
        29936</a> and
@@ -402,8 +402,8 @@
        issues, 6.0.17 is not included in the list of affected versions.</i></p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232">
-       CVE-2008-1232</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232"
+       rel="nofollow">CVE-2008-1232</a></p>
 
     <p>The message argument of HttpServletResponse.sendError() call is not only
        displayed on the error page, but is also used for the reason-phrase of
@@ -422,8 +422,8 @@
     <p>Affects: 6.0.0-6.0.16</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947">
-       CVE-2008-1947</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947"
+       rel="nofollow">CVE-2008-1947</a></p>
 
     <p>The Host Manager web application did not escape user provided data before
        including it in the output. This enabled a XSS attack. This application
@@ -441,8 +441,8 @@
     <p>Affects: 6.0.0-6.0.16</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370">
-       CVE-2008-2370</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370"
+       rel="nofollow">CVE-2008-2370</a></p>
 
     <p>When using a RequestDispatcher the target path was normalised before the 
        query string was removed. A request that included a specially crafted 
@@ -464,19 +464,19 @@
 
   <section name="Fixed in Apache Tomcat 6.0.16" rtext="released 8 Feb 2008">
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333">
-       CVE-2007-5333</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333"
+       rel="nofollow">CVE-2007-5333</a></p>
 
     <p>The previous fix for
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
-       CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385"
+       rel="nofollow">CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
        or %5C within a cookie value.</p>
 
     <p>Affects: 6.0.0-6.0.14</p>
 
     <p><strong>low: Elevated privileges</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342">
-       CVE-2007-5342</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342"
+       rel="nofollow">CVE-2007-5342</a></p>
 
     <p>The JULI logging component allows web applications to provide their own
        logging configurations. The default security policy does not restrict
@@ -487,8 +487,8 @@
     <p>Affects: 6.0.0-6.0.15</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
-       CVE-2007-5461</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461"
+       rel="nofollow">CVE-2007-5461</a></p>
 
     <p>When Tomcat's WebDAV servlet is configured for use with a context and
        has been enabled for write, some WebDAV requests that specify an entity
@@ -498,8 +498,8 @@
     <p>Affects: 6.0.0-6.0.14</p>
 
     <p><strong>important: Data integrity</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286">
-       CVE-2007-6286</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286"
+       rel="nofollow">CVE-2007-6286</a></p>
 
     <p>When using the native (APR based) connector, connecting to the SSL port
        using netcat and then disconnecting without sending any data will cause
@@ -508,8 +508,8 @@
     <p>Affects: 6.0.0-6.0.15</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002">
-       CVE-2008-0002</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002"
+       rel="nofollow">CVE-2008-0002</a></p>
 
     <p>If an exception occurs during the processing of parameters (eg if the
        client disconnects) then it is possible that the parameters submitted for
@@ -522,8 +522,8 @@
 
   <section name="Fixed in Apache Tomcat 6.0.14" rtext="released 13 Aug 2007">
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449">
-       CVE-2007-2449</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449"
+       rel="nofollow">CVE-2007-2449</a></p>
 
     <p>JSPs within the examples web application did not escape user provided
        data before including it in the output. This enabled a XSS attack. These
@@ -536,8 +536,8 @@
     <p>Affects: 6.0.0-6.0.13</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450">
-       CVE-2007-2450</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450"
+       rel="nofollow">CVE-2007-2450</a></p>
 
     <p>The Manager and Host Manager web applications did not escape user
        provided data before including it in the output. This enabled a XSS
@@ -548,8 +548,8 @@
     <p>Affects: 6.0.0-6.0.13</p>
 
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382">
-       CVE-2007-3382</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382"
+       rel="nofollow">CVE-2007-3382</a></p>
 
     <p>Tomcat incorrectly treated a single quote character (') in a cookie
        value as a delimiter. In some circumstances this lead to the leaking of
@@ -558,8 +558,8 @@
     <p>Affects: 6.0.0-6.0.13</p>
 
     <p><strong>low: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
-       CVE-2007-3385</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385"
+       rel="nofollow">CVE-2007-3385</a></p>
 
     <p>Tomcat incorrectly handled the character sequence \" in a cookie value.
        In some circumstances this lead to the leaking of information such as
@@ -568,8 +568,8 @@
     <p>Affects: 6.0.0-6.0.13</p>
 
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386">
-       CVE-2007-3386</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386"
+       rel="nofollow">CVE-2007-3386</a></p>
 
     <p>The Host Manager Servlet did not filter user supplied data before
        display. This enabled an XSS attack.</p>
@@ -580,8 +580,8 @@
 
   <section name="Fixed in Apache Tomcat 6.0.11"  rtext="not released">
     <p><strong>moderate: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355">
-       CVE-2007-1355</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355"
+       rel="nofollow">CVE-2007-1355</a></p>
 
     <p>The JSP and Servlet included in the sample application within the Tomcat
        documentation webapp did not escape user provided data before including
@@ -591,8 +591,8 @@
     <p>Affects: 6.0.0-6.0.10</p>
 
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090">
-       CVE-2005-2090</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090"
+       rel="nofollow">CVE-2005-2090</a></p>
 
     <p>Requests with multiple content-length headers should be rejected as
        invalid. When multiple components (firewalls, caches, proxies and Tomcat)
@@ -610,8 +610,8 @@
 
   <section name="Fixed in Apache Tomcat 6.0.10" rtext="released 28 Feb 2007">
     <p><strong>important: Directory traversal</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
-       CVE-2007-0450</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450"
+       rel="nofollow">CVE-2007-0450</a></p>
 
     <p>Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used 
        behind a proxy (including, but not limited to, Apache HTTP server with 
@@ -643,8 +643,8 @@
 
   <section name="Fixed in Apache Tomcat 6.0.9" rtext="released 8 Feb 2007">
     <p><strong>moderate: Session hi-jacking</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128">
-       CVE-2008-0128</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128"
+       rel="nofollow">CVE-2008-0128</a></p>
 
     <p>When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is
        transmitted without the "secure" attribute, resulting in it being
@@ -656,8 +656,8 @@
 
   <section name="Fixed in Apache Tomcat 6.0.6"  rtext="released 18 Dec 2006">
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358">
-       CVE-2007-1358</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358"
+       rel="nofollow">CVE-2007-1358</a></p>
 
     <p>Web pages that display the Accept-Language header value sent by the
        client are susceptible to a cross-site scripting attack if they assume
@@ -674,8 +674,8 @@
   <section name="Not a vulnerability in Tomcat">
 
     <p><strong>Important: Remote Denial Of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476">
-       CVE-2010-4476</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476"
+       rel="nofollow">CVE-2010-4476</a></p>
 
     <p>A JVM bug could cause Double conversion to hang JVM when accessing to a
        form based security constrained page or any page that calls
@@ -694,8 +694,8 @@
     <p>Affects: 6.0.0-6.0.31</p>
 
     <p><strong>moderate: TLS SSL Man In The Middle</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">
-       CVE-2009-3555</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"
+       rel="nofollow">CVE-2009-3555</a></p>
 
     <p>A vulnerability exists in the TLS protocol that allows an attacker to
        inject arbitrary requests into an TLS stream during renegotiation.</p>
@@ -730,8 +730,8 @@
        attribute. This work around is included in Tomcat 6.0.21 onwards.</p>
        
     <p><strong>important: Directory traversal</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938">
-       CVE-2008-2938</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938"
+       rel="nofollow">CVE-2008-2938</a></p>
 
     <p>Originally reported as a Tomcat vulnerability the root cause of this
        issue is that the JVM does not correctly decode UTF-8 encoded URLs to

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1145952&r1=1145951&r2=1145952&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Wed Jul 13 10:57:59 2011
@@ -28,8 +28,8 @@
   <section name="Fixed in Apache Tomcat 7.0.17 (not yet released)">
 
     <p><strong>Low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204">
-       CVE-2011-2204</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204"
+       rel="nofollow">CVE-2011-2204</a></p>
 
     <p>When using the MemoryUserDatabase (based on tomcat-users.xml) and
        creating users via JMX, an exception during the user creation process may
@@ -54,8 +54,8 @@
   <section name="Fixed in Apache Tomcat 7.0.14 (released 12 May 2011)">
 
     <p><strong>Important: Security constraint bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582">
-       CVE-2011-1582</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582"
+       rel="nofollow">CVE-2011-1582</a></p>
 
     <p>An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security
        constraints configured via annotations were ignored on the first request
@@ -75,8 +75,8 @@
   <section name="Fixed in Apache Tomcat 7.0.12 (released 6 Apr 2011)">
 
     <p><strong>Important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1475">
-       CVE-2011-1475</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1475"
+       rel="nofollow">CVE-2011-1475</a></p>
 
     <p>Changes introduced to the HTTP BIO connector to support Servlet 3.0
        asynchronous requests did not fully account for HTTP pipelining. As a
@@ -99,8 +99,8 @@
     <p>Affects: 7.0.0-7.0.11</p>
 
     <p><strong>Important: Security constraint bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1183">
-       CVE-2011-1183</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1183"
+       rel="nofollow">CVE-2011-1183</a></p>
 
     <p>A regression in the fix for CVE-2011-1088 meant that security constraints
        were ignored when no login configuration was present in the web.xml and
@@ -120,8 +120,8 @@
   <section name="Fixed in Apache Tomcat 7.0.11 (released 11 Mar 2011)">
 
     <p><strong>Important: Security constraint bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1088">
-       CVE-2011-1088</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1088"
+       rel="nofollow">CVE-2011-1088</a></p>
 
     <p>When a web application was started, <code>ServletSecurity</code>
        annotations were ignored. This meant that some areas of the application
@@ -154,8 +154,8 @@
        affected versions.</i></p>
 
     <p><strong>Important: Remote Denial Of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534">
-       CVE-2011-0534</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534"
+       rel="nofollow">CVE-2011-0534</a></p>
 
     <p>The NIO connector expands its buffer endlessly during request line
        processing. That behaviour can be used for a denial of service attack
@@ -175,8 +175,8 @@
   <section name="Fixed in Apache Tomcat 7.0.6 (released 14 Jan 2011)">
   
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013">
-       CVE-2011-0013</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013"
+       rel="nofollow">CVE-2011-0013</a></p>
 
     <p>The HTML Manager interface displayed web application provided data, such
        as display names, without filtering. A malicious web application could
@@ -197,8 +197,8 @@
   <section name="Fixed in Apache Tomcat 7.0.5 (released 1 Dec 2010)">
   
     <p><strong>low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172">
-       CVE-2010-4172</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172"
+       rel="nofollow">CVE-2010-4172</a></p>
 
     <p>The Manager application used the user provided parameters sort and
        orderBy directly without filtering thereby permitting cross-site
@@ -219,8 +219,8 @@
   <section name="Fixed in Apache Tomcat 7.0.4 (released 21 Oct 2010)">
 
     <p><strong>low: SecurityManager file permission bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718">
-       CVE-2010-3718</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718"
+       rel="nofollow">CVE-2010-3718</a></p>
 
     <p>When running under a SecurityManager, access to the file system is
        limited but web applications are granted read/write permissions to the
@@ -257,8 +257,8 @@
          
     <p><strong>Important: Remote Denial Of Service and Information Disclosure
        Vulnerability</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227">
-       CVE-2010-2227</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227"
+       rel="nofollow">CVE-2010-2227</a></p>
 
     <p>Several flaws in the handling of the 'Transfer-Encoding' header were
        found that prevented the recycling of a buffer. A remote attacker could
@@ -281,8 +281,8 @@
   <section name="Not a vulnerability in Tomcat">
   
     <p><strong>Important: Remote Denial Of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476">
-       CVE-2010-4476</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476"
+       rel="nofollow">CVE-2010-4476</a></p>
 
     <p>A JVM bug could cause Double conversion to hang JVM when accessing to a
        form based security constrained page or any page that calls
@@ -301,8 +301,8 @@
     <p>Affects: 7.0.0-7.0.6</p>
 
     <p><strong>moderate: TLS SSL Man In The Middle</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">
-       CVE-2009-3555</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"
+       rel="nofollow">CVE-2009-3555</a></p>
 
     <p>A vulnerability exists in the TLS protocol that allows an attacker to
        inject arbitrary requests into an TLS stream during renegotiation.</p>

Modified: tomcat/site/trunk/xdocs/security-jk.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-jk.xml?rev=1145952&r1=1145951&r2=1145952&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-jk.xml (original)
+++ tomcat/site/trunk/xdocs/security-jk.xml Wed Jul 13 10:57:59 2011
@@ -30,8 +30,8 @@
 
   <section name="Fixed in Apache Tomcat JK Connector 1.2.27">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519">
-       CVE-2008-5519</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519"
+       rel="nofollow">CVE-2008-5519</a></p>
 
     <p>Situations where faulty clients set Content-Length without providing
        data, or where a user submits repeated requests very quickly, may permit
@@ -50,12 +50,12 @@
 
   <section name="Fixed in Apache Tomcat JK Connector 1.2.23">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860">
-       CVE-2007-1860</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860"
+       rel="nofollow">CVE-2007-1860</a></p>
 
     <p>The issue is related to
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450">
-       CVE-2007-0450</a>, the patch for which was insufficient.</p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450"
+       rel="nofollow">CVE-2007-0450</a>, the patch for which was insufficient.</p>
 
     <p>When multiple components (firewalls, caches, proxies and Tomcat)
        process a request, the request URL should not get decoded multiple times
@@ -89,8 +89,8 @@
 
   <section name="Fixed in Apache Tomcat JK Connector 1.2.21">
     <p><strong>critical: Arbitrary code execution and denial of service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774">
-       CVE-2007-0774</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774"
+       rel="nofollow">CVE-2007-0774</a></p>
 
     <p>An unsafe memory copy in the URI handler for the native JK connector
        could result in a stack overflow condition which could be leveraged to
@@ -103,8 +103,8 @@
 
   <section name="Fixed in Apache Tomcat JK Connector 1.2.16">
     <p><strong>important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7197">
-       CVE-2006-7197</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7197"
+       rel="nofollow">CVE-2006-7197</a></p>
 
     <p>The Tomcat AJP connector contained a bug that sometimes set a too long
        length for the chunks delivered by send_body_chunks AJP messages. Bugs of

Modified: tomcat/site/trunk/xdocs/security-native.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-native.xml?rev=1145952&r1=1145951&r2=1145952&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-native.xml (original)
+++ tomcat/site/trunk/xdocs/security-native.xml Wed Jul 13 10:57:59 2011
@@ -30,8 +30,8 @@
 
   <section name="Not a vulnerability in the Apache Tomcat APR/native Connector">
     <p><strong>TLS SSL Man In The Middle</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">
-       CVE-2009-3555</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"
+       rel="nofollow">CVE-2009-3555</a></p>
 
     <p>A vulnerability exists in the TLS protocol that allows an attacker to
        inject arbitrary requests into an TLS stream during renegotiation.</p>

Modified: tomcat/site/trunk/xdocs/security.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?rev=1145952&r1=1145951&r2=1145952&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security.xml (original)
+++ tomcat/site/trunk/xdocs/security.xml Wed Jul 13 10:57:59 2011
@@ -33,8 +33,8 @@
           </a></li>
       <li><a href="security-jk.html">Apache Tomcat JK Connectors Security
           Vulnerabilities</a></li>
-      <li><a href="security-native.html">Apache Tomcat APR/native Connector Security
-          Vulnerabilities</a></li>
+      <li><a href="security-native.html">Apache Tomcat APR/native Connector
+          Security Vulnerabilities</a></li>
     </ul>
 
     <p>Lists of security problems fixed in versions of Apache Tomcat that may
@@ -54,7 +54,8 @@
        </p>
 
     <p>We strongly encourage folks to report such problems to our private
-       security mailing list first, before disclosing them in a public forum.</p>
+       security mailing list first, before disclosing them in a public forum.
+       </p>
 
     <p><strong>Please note that the security mailing list should only be used
        for reporting undisclosed security vulnerabilities in Apache Tomcat and

Modified: tomcat/site/trunk/xdocs/whoweare.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/whoweare.xml?rev=1145952&r1=1145951&r2=1145952&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/whoweare.xml (original)
+++ tomcat/site/trunk/xdocs/whoweare.xml Wed Jul 13 10:57:59 2011
@@ -33,7 +33,8 @@ The following is a list of the Apache To
 short bios for some of them.</p>
 
 <p>
-A complete list of all the Apache Committers is <a href="http://www.apache.org/~jim/committers.html">also available</a>.
+A complete list of all the Apache Committers is
+<a href="http://www.apache.org/~jim/committers.html">also available</a>.
 (It's a long list, so please be patient.)
 </p>
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message