Subject: svn commit: r1174455 - in /tomcat/site/trunk: docs/security-jk.html xdocs/security-jk.xml xdocs/security-native.xml
Date: Thu, 22 Sep 2011 23:56:15 -0000
To: dev@tomcat.apache.org
From: kkolinko@apache.org

Author: kkolinko
Date: Thu Sep 22 23:56:14 2011
New Revision: 1174455
URL: http://svn.apache.org/viewvc?rev=1174455&view=rev
Log: Simplify the markup
Modified: tomcat/site/trunk/docs/security-jk.html tomcat/site/trunk/xdocs/security-jk.xml tomcat/site/trunk/xdocs/security-native.xml

Modified: tomcat/site/trunk/docs/security-jk.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-jk.html?rev=1174455&r1=1174454&r2=1174455&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-jk.html (original) +++ tomcat/site/trunk/docs/security-jk.html Thu Sep 22 23:56:14 2011 @@ -307,9 +307,7 @@ one user to view the response associated with a different user's request.

-

This was fixed in - - revision 702540.

+

This was fixed in revision 702540.

Affects: JK 1.2.0-1.2.26
Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30, Modified: tomcat/site/trunk/xdocs/security-jk.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-jk.xml?rev=1174455&r1=1174454&r2=1174455&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-jk.xml (original) +++ tomcat/site/trunk/xdocs/security-jk.xml Thu Sep 22 23:56:14 2011 @@ -30,17 +30,14 @@

important: Information disclosure - CVE-2008-5519

+ CVE-2008-5519

Situations where faulty clients set Content-Length without providing data, or where a user submits repeated requests very quickly, may permit one user to view the response associated with a different user's request.

-

This was fixed in - - revision 702540.

+

This was fixed in revision 702540.

Affects: JK 1.2.0-1.2.26
Source shipped with Tomcat 4.0.0-4.0.6, 4.1.0-4.1.36, 5.0.0-5.0.30, @@ -50,12 +47,10 @@

important: Information disclosure - CVE-2007-1860

+ CVE-2007-1860

The issue is related to - CVE-2007-0450, the patch for which was insufficient.

+ CVE-2007-0450, the patch for which was insufficient.

When multiple components (firewalls, caches, proxies and Tomcat) process a request, the request URL should not get decoded multiple times @@ -89,8 +84,7 @@

critical: Arbitrary code execution and denial of service - CVE-2007-0774

+ CVE-2007-0774

An unsafe memory copy in the URI handler for the native JK connector could result in a stack overflow condition which could be leveraged to @@ -103,8 +97,7 @@

important: Information disclosure - CVE-2006-7197

+ CVE-2006-7197

The Tomcat AJP connector contained a bug that sometimes set a too long length for the chunks delivered by send_body_chunks AJP messages. Bugs of Modified: tomcat/site/trunk/xdocs/security-native.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-native.xml?rev=1174455&r1=1174454&r2=1174455&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-native.xml (original) +++ tomcat/site/trunk/xdocs/security-native.xml Thu Sep 22 23:56:14 2011 @@ -30,8 +30,7 @@

TLS SSL Man In The Middle - CVE-2009-3555

+ CVE-2009-3555

A vulnerability exists in the TLS protocol that allows an attacker to inject arbitrary requests into an TLS stream during renegotiation.
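
Review bot: The xdocs/security-native.xml hunk (@@ -30,8 +30,7 @@) has no regenerated counterpart in this revision: the Modified list carries docs/security-jk.html but no docs/security-native.html. If the rewritten CVE-2009-3555 line renders identically, say so in the log message; otherwise regenerate and commit the HTML together with the source so the published security page matches xdocs. While this section is being touched, the context line "inject arbitrary requests into an TLS stream" should read "a TLS stream".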

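Review bot: The log message "Simplify the markup" does not state that the advisory content is unchanged, which matters for the history of a security page. In xdocs/security-jk.xml the hunks at @@ -30,17 +30,14 @@, @@ -50,12 +47,10 @@, @@ -89,8 +84,7 @@ and @@ -103,8 +97,7 @@ rewrite the CVE-2008-5519, CVE-2007-1860, CVE-2007-0450, CVE-2007-0774 and CVE-2006-7197 lines, while docs/security-jk.html changes only around "This was fixed in revision 702540" at @@ -307,9 +307,7 @@. Suggest extending the log to say that the CVE ids, the revision 702540 reference and the "Affects:" ranges are untouched and that the only rendered difference is in that paragraph.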