This was fixed in - - revision 702540.
+This was fixed in revision 702540.
Affects: JK 1.2.0-1.2.26 important: Information disclosure
- CVE-2008-5519
Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,
Modified: tomcat/site/trunk/xdocs/security-jk.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-jk.xml?rev=1174455&r1=1174454&r2=1174455&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-jk.xml (original)
+++ tomcat/site/trunk/xdocs/security-jk.xml Thu Sep 22 23:56:14 2011
@@ -30,17 +30,14 @@
Situations where faulty clients set Content-Length without providing data, or where a user submits repeated requests very quickly, may permit one user to view the response associated with a different user's request.
-This was fixed in - - revision 702540.
+This was fixed in
Affects: JK 1.2.0-1.2.26 important: Information disclosure
- CVE-2007-1860
Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30,
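Review bot: the added line "This was fixed in" ends without naming a revision, while the line it replaces named revision 702540. Please confirm that the revision reference follows it in the XML source, so the rendered advisory still tells readers which commit carries the fix for this information disclosure.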
@@ -50,12 +47,10 @@
The issue is related to - CVE-2007-0450, the patch for which was insufficient.
+When multiple components (firewalls, caches, proxies and Tomcat)
process a request, the request URL should not get decoded multiple times
@@ -89,8 +84,7 @@
critical: Arbitrary code execution and denial of service
- CVE-2007-0774
An unsafe memory copy in the URI handler for the native JK connector
could result in a stack overflow condition which could be leveraged to
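Review bot: the CVE-2007-0774 line under "critical: Arbitrary code execution and denial of service" is shown as removed, and no added line in this hunk carries the identifier. Please check that the rendered page still shows the CVE id for this entry, since readers match advisories to scanner and tracker output by that identifier.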
@@ -103,8 +97,7 @@
important: Information disclosure
- CVE-2006-7197
The Tomcat AJP connector contained a bug that sometimes set a too long
length for the chunks delivered by send_body_chunks AJP messages. Bugs of
Modified: tomcat/site/trunk/xdocs/security-native.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-native.xml?rev=1174455&r1=1174454&r2=1174455&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-native.xml (original)
+++ tomcat/site/trunk/xdocs/security-native.xml Thu Sep 22 23:56:14 2011
@@ -30,8 +30,7 @@
TLS SSL Man In The Middle
- CVE-2009-3555
A vulnerability exists in the TLS protocol that allows an attacker to inject arbitrary requests into an TLS stream during renegotiation.
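Review bot: the description line in this hunk reads "into an TLS stream"; since the entry is being edited anyway, change it to "into a TLS stream". The CVE-2009-3555 line is also shown as removed with no added line visible in the hunk, so please confirm the identifier is still rendered for this entry.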