tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kfuj...@apache.org
Subject svn commit: r1417311 - in /tomcat/site/trunk: docs/security-7.html xdocs/security-7.xml
Date Wed, 05 Dec 2012 08:30:30 GMT
Author: kfujino
Date: Wed Dec  5 08:30:29 2012
New Revision: 1417311

URL: http://svn.apache.org/viewvc?rev=1417311&view=rev
Log:
Correct version.

Modified:
    tomcat/site/trunk/docs/security-7.html
    tomcat/site/trunk/xdocs/security-7.xml

Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1417311&r1=1417310&r2=1417311&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Wed Dec  5 08:30:29 2012
@@ -198,6 +198,9 @@
 <a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a>
 </li>
 <li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.32">Fixed in Apache Tomcat 7.0.32</a>
+</li>
+<li>
 <a href="#Fixed_in_Apache_Tomcat_7.0.30">Fixed in Apache Tomcat 7.0.30</a>
 </li>
 <li>
@@ -321,6 +324,48 @@
 </table>
 <table border="0" cellspacing="0" cellpadding="2" width="100%">
 <tr>
+<td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica,sanserif"><a
name="Fixed in Apache Tomcat 7.0.32">
+<!--()--></a><a name="Fixed_in_Apache_Tomcat_7.0.32"><strong>Fixed
in Apache Tomcat 7.0.32</strong></a></font></td><td align="right"
bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released
9 Oct 2012</strong></font></td>
+</tr>
+<tr>
+<td colspan="2">
+<p>
+<blockquote>
+
+    
+<p>
+<strong>Important: Bypass of CSRF prevention filter</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431" rel="nofollow">CVE-2012-4431</a>
+</p>
+
+    
+<p>The CSRF prevention filter could be bypassed if a request was made to a
+       protected resource without a session identifier present in the request.
+    </p>
+
+    
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1393088">1393088</a>.</p>
+
+    
+<p>This issue was identified by the Tomcat security team on 8 September 2012
+       and made public on 4 December 2012.</p>
+
+    
+<p>Affects: 7.0.0-7.0.31</p>
+
+  
+</blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
 <td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica,sanserif"><a
name="Fixed in Apache Tomcat 7.0.30">
 <!--()--></a><a name="Fixed_in_Apache_Tomcat_7.0.30"><strong>Fixed
in Apache Tomcat 7.0.30</strong></a></font></td><td align="right"
bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><strong>released
6 Sep 2012</strong></font></td>
 </tr>
@@ -393,27 +438,6 @@
     
 <p>Affects: 7.0.0-7.0.29</p>
 
-    
-<p>
-<strong>Important: Bypass of CSRF prevention filter</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431" rel="nofollow">CVE-2012-4431</a>
-</p>
-
-    
-<p>The CSRF prevention filter could be bypassed if a request was made to a
-       protected resource without a session identifier present in the request.
-    </p>
-
-    
-<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1393088">1393088</a>.</p>
-
-    
-<p>This issue was identified by the Tomcat security team on 8 September 2012
-       and made public on 4 December 2012.</p>
-
-    
-<p>Affects: 7.0.0-7.0.31</p>
-
   
 </blockquote>
 </p>

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1417311&r1=1417310&r2=1417311&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Wed Dec  5 08:30:29 2012
@@ -50,6 +50,24 @@
 
   </section>
 
+<section name="Fixed in Apache Tomcat 7.0.32" rtext="released 9 Oct 2012">
+
+    <p><strong>Important: Bypass of CSRF prevention filter</strong>
+       <cve>CVE-2012-4431</cve></p>
+
+    <p>The CSRF prevention filter could be bypassed if a request was made to a
+       protected resource without a session identifier present in the request.
+    </p>
+
+    <p>This was fixed in revision <revlink rev="1393088">1393088</revlink>.</p>
+
+    <p>This issue was identified by the Tomcat security team on 8 September 2012
+       and made public on 4 December 2012.</p>
+
+    <p>Affects: 7.0.0-7.0.31</p>
+
+  </section>
+
   <section name="Fixed in Apache Tomcat 7.0.30" rtext="released 6 Sep 2012">
 
     <p><strong>Moderate: DIGEST authentication weakness</strong>
@@ -96,20 +114,6 @@
 
     <p>Affects: 7.0.0-7.0.29</p>
 
-    <p><strong>Important: Bypass of CSRF prevention filter</strong>
-       <cve>CVE-2012-4431</cve></p>
-
-    <p>The CSRF prevention filter could be bypassed if a request was made to a
-       protected resource without a session identifier present in the request.
-    </p>
-
-    <p>This was fixed in revision <revlink rev="1393088">1393088</revlink>.</p>
-
-    <p>This issue was identified by the Tomcat security team on 8 September 2012
-       and made public on 4 December 2012.</p>
-
-    <p>Affects: 7.0.0-7.0.31</p>
-
   </section>
 
   <section name="Fixed in Apache Tomcat 7.0.28" rtext="released 19 Jun 2012">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message