tomcat-dev mailing list archives

From ma...@apache.org
Subject svn commit: r1521874 [11/13] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
Date Wed, 11 Sep 2013 14:30:23 GMT
Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1521874&r1=1521873&r2=1521874&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Wed Sep 11 14:30:22 2013
@@ -1,8 +1,289 @@
 <!DOCTYPE html SYSTEM "about:legacy-compat">
-<html lang="en"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><link href="stylesheets/tomcat.css" rel="stylesheet" type="text/css"><!--[if IE]><link href="stylesheets/tomcat-ie-fix.css" rel="stylesheet" type="text/css"/><![endif]--><link href="stylesheets/tomcat-printer.css" rel="stylesheet" type="text/css" media="print"><title>Apache Tomcat - Apache Tomcat 7 vulnerabilities</title><meta name="author" content="Apache Tomcat Project"></head><body><div id="wrapper"><!--[if IE]><div id="header"><![endif]--><!--[if !IE]>--><header id="header"><!--<![endif]--><div><div><div class="logo noPrint"><a href=""><img alt="Tomcat Home" src="./images/tomcat.png"></a></div><div style="height: 1px;"></div><div class="asfLogo"><a href="http://www.apache.org/" target="_blank"><img src="http://www.apache.org/images/feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a></div><h1 style="margin-top: 35px;">Apache Tomcat</h1><div style="clear:
  right;"></div><div class="searchbox noPrint"><form action="http://www.google.com/search" method="get"><input value="tomcat.apache.org" name="sitesearch" type="hidden"><input placeholder="Search the Site&hellip;" required="required" size="25" name="q" id="query" type="search"><button>Search</button></form></div><div style="height: 1px;"></div><div style="clear: left;"></div></div></div><!--[if IE]></div><![endif]--><!--[if !IE]>--></header><!--<![endif]--><div id="middle"><div><div id="mainLeft" class="noprint"><div><nav><div><h2><strong>Apache Tomcat</strong></h2><ul><li><a href="./index.html">Home</a></li><li><a href="./taglibs/">Taglibs</a></li><li><a href="./maven-plugin.html">Maven Plugin</a></li></ul></div><div><h2><strong>Download</strong></h2><ul><li><a href="./whichversion.html">Which version?</a></li><li><a href="./download-80.cgi">Tomcat 8.0</a></li><li><a href="./download-70.cgi">Tomcat 7.0</a></li><li><a href="./download-60.cgi">Tomcat 6.0</a></li><li><a href="./downloa
 d-connectors.cgi">Tomcat Connectors</a></li><li><a href="./download-native.cgi">Tomcat Native</a></li><li><a href="http://archive.apache.org/dist/tomcat/">Archives</a></li></ul></div><div><h2><strong>Documentation</strong></h2><ul><li><a href="./tomcat-8.0-doc/index.html">Tomcat 8.0</a></li><li><a href="./tomcat-7.0-doc/index.html">Tomcat 7.0</a></li><li><a href="./tomcat-6.0-doc/index.html">Tomcat 6.0</a></li><li><a href="./connectors-doc/">Tomcat Connectors</a></li><li><a href="./native-doc/">Tomcat Native</a></li><li><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></li><li><a href="./migration.html">Migration Guide</a></li></ul></div><div><h2><strong>Problems?</strong></h2><ul><li><a href="./security.html">Security Reports</a></li><li><a href="./findhelp.html">Find help</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li><li><a href="./lists.html">Mailing Lists</a></li><li><a href="./bugreport.html">Bug Database</a></li><li><a href="./irc.html">IRC</a></
 li></ul></div><div><h2><strong>Get Involved</strong></h2><ul><li><a href="./getinvolved.html">Overview</a></li><li><a href="./svn.html">SVN Repositories</a></li><li><a href="./ci.html">Buildbot</a></li><li><a href="https://reviews.apache.org/groups/tomcat/">Reviewboard</a></li><li><a href="./tools.html">Tools</a></li></ul></div><div><h2><strong>Media</strong></h2><ul><li><a href="http://blogs.apache.org/tomcat/">Blog</a></li><li><a href="http://twitter.com/theapachetomcat">Twitter</a></li></ul></div><div><h2><strong>Misc</strong></h2><ul><li><a href="./whoweare.html">Who We Are</a></li><li><a href="./heritage.html">Heritage</a></li><li><a href="http://www.apache.org">Apache Home</a></li><li><a href="./resources.html">Resources</a></li><li><a href="./contact.html">Contact</a></li><li><a href="./legal.html">Legal</a></li><li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li><li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li></ul></d
 iv></nav></div></div><div id="mainRight"><div id="content"><main><h2 style="display: none;">Content</h2><h3 id="Table_of_Contents">Table of Contents</h3><div class="text">
-<ul><li><a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.40">Fixed in Apache Tomcat 7.0.40</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.33">Fixed in Apache Tomcat 7.0.33</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.32">Fixed in Apache Tomcat 7.0.32</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.30">Fixed in Apache Tomcat 7.0.30</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.28">Fixed in Apache Tomcat 7.0.28</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.23">Fixed in Apache Tomcat 7.0.23</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.22">Fixed in Apache Tomcat 7.0.22</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.21">Fixed in Apache Tomcat 7.0.21</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.20">Fixed in Apache Tomcat 7.0.20</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.19">Fixed in Apache Tomcat 7.0.19</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.14">Fixed in Apache Tomcat 7.0.
 14</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.12">Fixed in Apache Tomcat 7.0.12</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.11">Fixed in Apache Tomcat 7.0.11</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.8">Fixed in Apache Tomcat 7.0.8</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.6">Fixed in Apache Tomcat 7.0.6</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.5">Fixed in Apache Tomcat 7.0.5</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.4">Fixed in Apache Tomcat 7.0.4</a></li><li><a href="#Fixed_in_Apache_Tomcat_7.0.2">Fixed in Apache Tomcat 7.0.2</a></li><li><a href="#Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</a></li></ul>
-</div><h3 id="Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</h3><div class="text">
-    <p>This page lists all security vulnerabilities fixed in released versions
+<html lang="en">
+<head>
+<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link href="stylesheets/tomcat.css" rel="stylesheet" type="text/css">
+<!--[if IE]><link href="stylesheets/tomcat-ie-fix.css" rel="stylesheet" type="text/css"/><![endif]-->
+<link href="stylesheets/tomcat-printer.css" rel="stylesheet" type="text/css" media="print">
+<title>Apache Tomcat - Apache Tomcat 7 vulnerabilities</title>
+<meta name="author" content="Apache Tomcat Project">
+</head>
+<body>
+<div id="wrapper">
+<!--[if IE]><div id="header"><![endif]-->
+<!--[if !IE]>-->
+<header id="header">
+<!--<![endif]-->
+<div>
+<div>
+<div class="logo noPrint">
+<a href=""><img alt="Tomcat Home" src="./images/tomcat.png"></a>
+</div>
+<div style="height: 1px;"></div>
+<div class="asfLogo">
+<a href="http://www.apache.org/" target="_blank"><img src="http://www.apache.org/images/feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>
+</div>
+<h1 style="margin-top: 35px;">Apache Tomcat</h1>
+<div style="clear: right;"></div>
+<div class="searchbox noPrint">
+<form action="http://www.google.com/search" method="get">
+<input value="tomcat.apache.org" name="sitesearch" type="hidden"><input placeholder="Search the Site&hellip;" required="required" size="25" name="q" id="query" type="search"><button>Search</button>
+</form>
+</div>
+<div style="height: 1px;"></div>
+<div style="clear: left;"></div>
+</div>
+</div>
+<!--[if IE]></div><![endif]-->
+<!--[if !IE]>-->
+</header>
+<!--<![endif]-->
+<div id="middle">
+<div>
+<div id="mainLeft" class="noprint">
+<div>
+<nav>
+<div>
+<h2>
+<strong>Apache Tomcat</strong>
+</h2>
+<ul>
+<li>
+<a href="./index.html">Home</a>
+</li>
+<li>
+<a href="./taglibs/">Taglibs</a>
+</li>
+<li>
+<a href="./maven-plugin.html">Maven Plugin</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Download</strong>
+</h2>
+<ul>
+<li>
+<a href="./whichversion.html">Which version?</a>
+</li>
+<li>
+<a href="./download-80.cgi">Tomcat 8.0</a>
+</li>
+<li>
+<a href="./download-70.cgi">Tomcat 7.0</a>
+</li>
+<li>
+<a href="./download-60.cgi">Tomcat 6.0</a>
+</li>
+<li>
+<a href="./download-connectors.cgi">Tomcat Connectors</a>
+</li>
+<li>
+<a href="./download-native.cgi">Tomcat Native</a>
+</li>
+<li>
+<a href="http://archive.apache.org/dist/tomcat/">Archives</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Documentation</strong>
+</h2>
+<ul>
+<li>
+<a href="./tomcat-8.0-doc/index.html">Tomcat 8.0</a>
+</li>
+<li>
+<a href="./tomcat-7.0-doc/index.html">Tomcat 7.0</a>
+</li>
+<li>
+<a href="./tomcat-6.0-doc/index.html">Tomcat 6.0</a>
+</li>
+<li>
+<a href="./connectors-doc/">Tomcat Connectors</a>
+</li>
+<li>
+<a href="./native-doc/">Tomcat Native</a>
+</li>
+<li>
+<a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a>
+</li>
+<li>
+<a href="./migration.html">Migration Guide</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Problems?</strong>
+</h2>
+<ul>
+<li>
+<a href="./security.html">Security Reports</a>
+</li>
+<li>
+<a href="./findhelp.html">Find help</a>
+</li>
+<li>
+<a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a>
+</li>
+<li>
+<a href="./lists.html">Mailing Lists</a>
+</li>
+<li>
+<a href="./bugreport.html">Bug Database</a>
+</li>
+<li>
+<a href="./irc.html">IRC</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Get Involved</strong>
+</h2>
+<ul>
+<li>
+<a href="./getinvolved.html">Overview</a>
+</li>
+<li>
+<a href="./svn.html">SVN Repositories</a>
+</li>
+<li>
+<a href="./ci.html">Buildbot</a>
+</li>
+<li>
+<a href="https://reviews.apache.org/groups/tomcat/">Reviewboard</a>
+</li>
+<li>
+<a href="./tools.html">Tools</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Media</strong>
+</h2>
+<ul>
+<li>
+<a href="http://blogs.apache.org/tomcat/">Blog</a>
+</li>
+<li>
+<a href="http://twitter.com/theapachetomcat">Twitter</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Misc</strong>
+</h2>
+<ul>
+<li>
+<a href="./whoweare.html">Who We Are</a>
+</li>
+<li>
+<a href="./heritage.html">Heritage</a>
+</li>
+<li>
+<a href="http://www.apache.org">Apache Home</a>
+</li>
+<li>
+<a href="./resources.html">Resources</a>
+</li>
+<li>
+<a href="./contact.html">Contact</a>
+</li>
+<li>
+<a href="./legal.html">Legal</a>
+</li>
+<li>
+<a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a>
+</li>
+<li>
+<a href="http://www.apache.org/foundation/thanks.html">Thanks</a>
+</li>
+</ul>
+</div>
+</nav>
+</div>
+</div>
+<div id="mainRight">
+<div id="content">
+<main>
+<h2 style="display: none;">Content</h2>
+<h3 id="Table_of_Contents">Table of Contents</h3>
+<div class="text">
+
+<ul>
+<li>
+<a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.40">Fixed in Apache Tomcat 7.0.40</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.33">Fixed in Apache Tomcat 7.0.33</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.32">Fixed in Apache Tomcat 7.0.32</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.30">Fixed in Apache Tomcat 7.0.30</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.28">Fixed in Apache Tomcat 7.0.28</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.23">Fixed in Apache Tomcat 7.0.23</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.22">Fixed in Apache Tomcat 7.0.22</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.21">Fixed in Apache Tomcat 7.0.21</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.20">Fixed in Apache Tomcat 7.0.20</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.19">Fixed in Apache Tomcat 7.0.19</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.14">Fixed in Apache Tomcat 7.0.14</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.12">Fixed in Apache Tomcat 7.0.12</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.11">Fixed in Apache Tomcat 7.0.11</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.8">Fixed in Apache Tomcat 7.0.8</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.6">Fixed in Apache Tomcat 7.0.6</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.5">Fixed in Apache Tomcat 7.0.5</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.4">Fixed in Apache Tomcat 7.0.4</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.2">Fixed in Apache Tomcat 7.0.2</a>
+</li>
+<li>
+<a href="#Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</a>
+</li>
+</ul>
+
+</div>
+<h3 id="Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</h3>
+<div class="text">
+    
+<p>This page lists all security vulnerabilities fixed in released versions
        of Apache Tomcat 7.x. Each vulnerability is given a
        <a href="security-impact.html">security impact rating</a> by the Apache
        Tomcat security team &mdash; please note that this rating may vary from
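Review bot: Whitespace-only lines are being committed in this hunk, for example the `+    ` line directly after `<div class="text">` near its end, where the four-space indentation of the former `    <p>` now survives as a line of its own; trim trailing whitespace in the stylesheet output (or in a post-processing step) so these lines do not churn on every regeneration. Since the hunk is a reflow of generated HTML with no textual change intended, running the comparison against r1521873 with `diff -w` would confirm that only whitespace differs, and saying so in the commit message would help reviewers of a 13-part commit.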
@@ -10,11 +291,14 @@
        is known to affect, and where a flaw has not been verified list the
        version with a question mark.</p>
 
-    <p><strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities
+    
+<p>
+<strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities
        but have either been incorrectly reported against Tomcat or where Tomcat
        provides a workaround are listed at the end of this page.</p>
 
-    <p>Please note that binary patches are never provided. If you need to
+    
+<p>Please note that binary patches are never provided. If you need to
        apply a source code patch, use the building instructions for the
        Apache Tomcat version that you are using. For Tomcat 7.0 those are
        <a href="/tomcat-7.0-doc/building.html"><code>building.html</code></a> and
@@ -24,119 +308,183 @@
        <a href="/tomcat-7.0-doc/security-howto.html">Security Considerations</a>
        page in the documentation.</p>
 
-    <p>If you need help on building or configuring Tomcat or other help on
+    
+<p>If you need help on building or configuring Tomcat or other help on
        following the instructions to mitigate the known vulnerabilities listed
        here, please send your questions to the public
        <a href="lists.html">Tomcat Users mailing list</a>
-    </p>
+    
+</p>
 
-    <p>If you have encountered an unlisted security vulnerability or other
+    
+<p>If you have encountered an unlisted security vulnerability or other
        unexpected behaviour that has <a href="security-impact.html">security
        impact</a>, or if the descriptions here are incomplete,
        please report them privately to the
        <a href="security.html">Tomcat Security Team</a>. Thank you.
     </p>
 
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.40"><span style="float: right;">released 9 May 2013</span> Fixed in Apache Tomcat 7.0.40</h3><div class="text">
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.40">
+<span style="float: right;">released 9 May 2013</span> Fixed in Apache Tomcat 7.0.40</h3>
+<div class="text">
 
-    <p><strong>Moderate: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071" rel="nofollow">CVE-2013-2071</a></p>
+    
+<p>
+<strong>Moderate: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071" rel="nofollow">CVE-2013-2071</a>
+</p>
 
-    <p>Bug <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=54178">54178</a> described a scenario where elements of a previous
+    
+<p>Bug <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=54178">54178</a> described a scenario where elements of a previous
        request may be exposed to a current request. This was very difficult to
        exploit deliberately but fairly likely to happen unexpectedly if an
        application used AsyncListeners that threw RuntimeExceptions.</p>
 
-    <p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1471372">1471372</a>.</p>
+    
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1471372">1471372</a>.</p>
 
-    <p>The root cause of the problem was identified as a Tomcat bug on 2 April
+    
+<p>The root cause of the problem was identified as a Tomcat bug on 2 April
        2013. The Tomcat security team identified the security implications on
        24 April 2013 and made those details public on 10 May 2013.</p>
 
-    <p>Affects: 7.0.0-7.0.39</p>
+    
+<p>Affects: 7.0.0-7.0.39</p>
 
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.33"><span style="float: right;">released 21 Nov 2012</span> Fixed in Apache Tomcat 7.0.33</h3><div class="text">
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.33">
+<span style="float: right;">released 21 Nov 2012</span> Fixed in Apache Tomcat 7.0.33</h3>
+<div class="text">
 
-    <p><strong>Important: Session fixation</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067" rel="nofollow">CVE-2013-2067</a></p>
+    
+<p>
+<strong>Important: Session fixation</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067" rel="nofollow">CVE-2013-2067</a>
+</p>
 
-    <p>FORM authentication associates the most recent request requiring
+    
+<p>FORM authentication associates the most recent request requiring
        authentication with the current session. By repeatedly sending a request
        for an authenticated resource while the victim is completing the login
        form, an attacker could inject a request that would be executed using
        the victim's credentials.</p>
 
-    <p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1408044">1408044</a>.</p>
+    
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1408044">1408044</a>.</p>
 
-    <p>This issue was identified by the Tomcat security team on 15 Oct 2012 and
+    
+<p>This issue was identified by the Tomcat security team on 15 Oct 2012 and
        made public on 10 May 2013.</p>
 
-    <p>Affects: 7.0.0-7.0.32</p>
+    
+<p>Affects: 7.0.0-7.0.32</p>
 
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.32"><span style="float: right;">released 9 Oct 2012</span> Fixed in Apache Tomcat 7.0.32</h3><div class="text">
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.32">
+<span style="float: right;">released 9 Oct 2012</span> Fixed in Apache Tomcat 7.0.32</h3>
+<div class="text">
 
-    <p><strong>Important: Bypass of CSRF prevention filter</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431" rel="nofollow">CVE-2012-4431</a></p>
+    
+<p>
+<strong>Important: Bypass of CSRF prevention filter</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431" rel="nofollow">CVE-2012-4431</a>
+</p>
 
-    <p>The CSRF prevention filter could be bypassed if a request was made to a
+    
+<p>The CSRF prevention filter could be bypassed if a request was made to a
        protected resource without a session identifier present in the request.
     </p>
 
-    <p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1393088">1393088</a>.</p>
+    
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1393088">1393088</a>.</p>
 
-    <p>This issue was identified by the Tomcat security team on 8 September 2012
+    
+<p>This issue was identified by the Tomcat security team on 8 September 2012
        and made public on 4 December 2012.</p>
 
-    <p>Affects: 7.0.0-7.0.31</p>
+    
+<p>Affects: 7.0.0-7.0.31</p>
 
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.30"><span style="float: right;">released 6 Sep 2012</span> Fixed in Apache Tomcat 7.0.30</h3><div class="text">
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.30">
+<span style="float: right;">released 6 Sep 2012</span> Fixed in Apache Tomcat 7.0.30</h3>
+<div class="text">
 
-    <p><strong>Important: Denial of service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544" rel="nofollow">CVE-2012-3544</a></p>
+    
+<p>
+<strong>Important: Denial of service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544" rel="nofollow">CVE-2012-3544</a>
+</p>
 
-    <p>When processing a request submitted using the chunked transfer encoding,
+    
+<p>When processing a request submitted using the chunked transfer encoding,
        Tomcat ignored but did not limit any extensions that were included. This
        allows a client to perform a limited DOS by streaming an unlimited
        amount of data to the server.</p>
 
-    <p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1378702">1378702</a> and
+    
+<p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1378702">1378702</a> and
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1378921">1378921</a>.</p>
 
-    <p>This issue was reported to the Tomcat security team on 10 November 2011
+    
+<p>This issue was reported to the Tomcat security team on 10 November 2011
        and made public on 10 May 2013.</p>
 
-    <p>Affects: 7.0.0-7.0.29</p>
+    
+<p>Affects: 7.0.0-7.0.29</p>
 
-    <p><strong>Moderate: DIGEST authentication weakness</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3439" rel="nofollow">CVE-2012-3439</a></p>
+    
+<p>
+<strong>Moderate: DIGEST authentication weakness</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3439" rel="nofollow">CVE-2012-3439</a>
+</p>
 
-    <p>Three weaknesses in Tomcat's implementation of DIGEST authentication
+    
+<p>Three weaknesses in Tomcat's implementation of DIGEST authentication
        were identified and resolved:
     </p>
-    <ol>
-      <li>Tomcat tracked client rather than server nonces and nonce count.</li>
-      <li>When a session ID was present, authentication was bypassed.</li>
-      <li>The user name and password were not checked before when indicating
+    
+<ol>
+      
+<li>Tomcat tracked client rather than server nonces and nonce count.</li>
+      
+<li>When a session ID was present, authentication was bypassed.</li>
+      
+<li>The user name and password were not checked before when indicating
           that a nonce was stale.</li>
-    </ol>
-    <p>
+    
+</ol>
+    
+<p>
       These issues reduced the security of DIGEST authentication making
       replay attacks possible in some circumstances.
     </p>
 
-    <p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1377807">1377807</a>.</p>
+    
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1377807">1377807</a>.</p>
 
-    <p>The first issue was reported by Tilmann Kuhn to the Tomcat security team
+    
+<p>The first issue was reported by Tilmann Kuhn to the Tomcat security team
        on 19 July 2012. The second and third issues were discovered by the
        Tomcat security team during the resulting code review. All three issues
        were made public on 5 November 2012.</p>
 
-    <p>Affects: 7.0.0-7.0.29</p>
+    
+<p>Affects: 7.0.0-7.0.29</p>
 
-    <p><strong>Important: Bypass of security constraints</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546" rel="nofollow">CVE-2012-3546</a></p>
+    
+<p>
+<strong>Important: Bypass of security constraints</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546" rel="nofollow">CVE-2012-3546</a>
+</p>
 
-    <p>When using FORM authentication it was possible to bypass the security
+    
+<p>When using FORM authentication it was possible to bypass the security
        constraint checks in the FORM authenticator by appending
        <code>/j_security_check</code> to the end of the URL if some other
        component (such as the Single-Sign-On valve) had called
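Review bot: Two source-text defects pass through this hunk unchanged and belong in the xdocs source that generates this file rather than in docs/: the third DIGEST weakness reads `The user name and password were not checked before when indicating that a nonce was stale` (drop either `before` or `when`), and the CVE-2012-3544 paragraph writes `a limited DOS` where the page otherwise uses `Denial of service`. The `Tomcat Users mailing list` paragraph also ends without a full stop, and the reflow turns its closing tag into a `+    ` line followed by `+</p>`, the same whitespace-only churn seen in the first hunk.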
@@ -144,55 +492,84 @@
        <code>FormAuthenticator#authenticate()</code>.
     </p>
 
-    <p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1377892">1377892</a>.</p>
+    
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1377892">1377892</a>.</p>
 
-    <p>This issue was identified by the Tomcat security team on 13 July 2012 and
+    
+<p>This issue was identified by the Tomcat security team on 13 July 2012 and
        made public on 4 December 2012.</p>
 
-    <p>Affects: 7.0.0-7.0.29</p>
+    
+<p>Affects: 7.0.0-7.0.29</p>
 
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.28"><span style="float: right;">released 19 Jun 2012</span> Fixed in Apache Tomcat 7.0.28</h3><div class="text">
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.28">
+<span style="float: right;">released 19 Jun 2012</span> Fixed in Apache Tomcat 7.0.28</h3>
+<div class="text">
 
-    <p><strong>Important: Denial of service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733" rel="nofollow">CVE-2012-2733</a></p>
+    
+<p>
+<strong>Important: Denial of service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733" rel="nofollow">CVE-2012-2733</a>
+</p>
 
-    <p>The checks that limited the permitted size of request headers were
+    
+<p>The checks that limited the permitted size of request headers were
        implemented too late in the request parsing process for the HTTP NIO
        connector. This enabled a malicious user to trigger an
        OutOfMemoryError by sending a single request with very large headers.
     </p>
 
-    <p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1350301">1350301</a>.</p>
+    
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1350301">1350301</a>.</p>
 
-    <p>This was reported by Josh Spiewak to the Tomcat security team on 4 June
+    
+<p>This was reported by Josh Spiewak to the Tomcat security team on 4 June
        2012 and made public on 5 November 2012.</p>
 
-    <p>Affects: 7.0.0-7.0.27</p>
+    
+<p>Affects: 7.0.0-7.0.27</p>
 
-    <p><strong>Important: Denial of service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534" rel="nofollow">CVE-2012-4534</a></p>
+    
+<p>
+<strong>Important: Denial of service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534" rel="nofollow">CVE-2012-4534</a>
+</p>
 
-    <p>When using the NIO connector with sendfile and HTTPS enabled, if a client
+    
+<p>When using the NIO connector with sendfile and HTTPS enabled, if a client
        breaks the connection while reading the response an infinite loop is
        entered leading to a denial of service. This was originally reported as
        <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=52858">bug
        52858</a>.
     </p>
 
-    <p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1340218">1340218</a>.</p>
+    
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1340218">1340218</a>.</p>
 
-    <p>The security implications of this bug were reported to the Tomcat
+    
+<p>The security implications of this bug were reported to the Tomcat
        security team by Arun Neelicattu of the Red Hat Security Response Team on
        3 October 2012 and made public on 4 December 2012.</p>
 
-    <p>Affects: 7.0.0-7.0.27</p>
+    
+<p>Affects: 7.0.0-7.0.27</p>
 
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.23"><span style="float: right;">released 25 Nov 2011</span> Fixed in Apache Tomcat 7.0.23</h3><div class="text">
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.23">
+<span style="float: right;">released 25 Nov 2011</span> Fixed in Apache Tomcat 7.0.23</h3>
+<div class="text">
 
-    <p><strong>Important: Denial of service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022" rel="nofollow">CVE-2012-0022</a></p>
+    
+<p>
+<strong>Important: Denial of service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022" rel="nofollow">CVE-2012-0022</a>
+</p>
 
-    <p>Analysis of the recent hash collision vulnerability identified unrelated
+    
+<p>Analysis of the recent hash collision vulnerability identified unrelated
        inefficiencies with Apache Tomcat's handling of large numbers of
        parameters and parameter values. These inefficiencies could allow an
        attacker, via a specially crafted request, to cause large amounts of CPU
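Review bot: Heading formatting in this hunk is half-split: `<h3 id="Fixed_in_Apache_Tomcat_7.0.28">` is broken after the opening tag, but the closing `</h3>` stays on the same line as `<span style="float: right;">released 19 Jun 2012</span> Fixed in Apache Tomcat 7.0.28`, while the `<p>` elements whose first child is `<strong>` get both tags on separate lines and plain `<p>` paragraphs stay inline. The rule the stylesheet appears to apply (break after an opening tag whose first child is an element) produces inconsistent output; keeping the whole `<h3>` on one line as before, or emitting its closing tag on its own line like the `<strong>` paragraphs, would make the generated markup predictable.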
@@ -200,7 +577,8 @@
        addressed by modifying the Tomcat parameter handling code to efficiently
        process large numbers of parameters and parameter values.</p>
 
-    <p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1189899">1189899</a>,
+    
+<p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1189899">1189899</a>,
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1190372">1190372</a>,
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1190482">1190482</a>,
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1194917">1194917</a>,
@@ -213,17 +591,27 @@
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1195977">1195977</a> and
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1198641">1198641</a>.</p>
 
-    <p>This was identified by the Tomcat security team on 21 October 2011 and
+    
+<p>This was identified by the Tomcat security team on 21 October 2011 and
        made public on 17 January 2012.</p>
 
-    <p>Affects: 7.0.0-7.0.22</p>
+    
+<p>Affects: 7.0.0-7.0.22</p>
 
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.22"><span style="float: right;">released 1 Oct 2011</span> Fixed in Apache Tomcat 7.0.22</h3><div class="text">
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.22">
+<span style="float: right;">released 1 Oct 2011</span> Fixed in Apache Tomcat 7.0.22</h3>
+<div class="text">
 
-    <p><strong>Important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375" rel="nofollow">CVE-2011-3375</a></p>
+    
+<p>
+<strong>Important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375" rel="nofollow">CVE-2011-3375</a>
+</p>
 
-    <p>For performance reasons, information parsed from a request is often
+    
+<p>For performance reasons, information parsed from a request is often
        cached in two places: the internal request object and the internal
        processor object. These objects are not recycled at exactly the same
        time. When certain errors occur that needed to be added to the access
@@ -235,17 +623,24 @@
        and response objects were recycled after being re-populated to generate
        the necessary access log entries.</p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1176592">revision 1176592</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1176592">revision 1176592</a>.</p>
 
-    <p>This was identified by the Tomcat security team on 22 September 2011 and
+    
+<p>This was identified by the Tomcat security team on 22 September 2011 and
        made public on 17 January 2012.</p>
 
-    <p>Affects: 7.0.0-7.0.21</p>
+    
+<p>Affects: 7.0.0-7.0.21</p>
 
-    <p><strong>Low: Privilege Escalation</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3376" rel="nofollow">CVE-2011-3376</a></p>
+    
+<p>
+<strong>Low: Privilege Escalation</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3376" rel="nofollow">CVE-2011-3376</a>
+</p>
 
-    <p>This issue only affects environments running web applications that are
+    
+<p>This issue only affects environments running web applications that are
        not trusted (e.g. shared hosting environments). The Servlets that
        implement the functionality of the Manager application that ships with
        Apache Tomcat should only be available to Contexts (web applications)
@@ -255,20 +650,31 @@
        web applications as well as deploying additional web applications.
     </p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1176588">revision 1176588</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1176588">revision 1176588</a>.</p>
 
-    <p>This was identified by Ate Douma on 27 September 2011 and made public
+    
+<p>This was identified by Ate Douma on 27 September 2011 and made public
        on 8 November 2011.</p>
 
-    <p>Affects: 7.0.0-7.0.21</p>
+    
+<p>Affects: 7.0.0-7.0.21</p>
+  
   
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.21"><span style="float: right;">released 1 Sep 2011</span> Fixed in Apache Tomcat 7.0.21</h3><div class="text">
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.21">
+<span style="float: right;">released 1 Sep 2011</span> Fixed in Apache Tomcat 7.0.21</h3>
+<div class="text">
 
-    <p><strong>Important: Authentication bypass and information disclosure
+    
+<p>
+<strong>Important: Authentication bypass and information disclosure
        </strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190" rel="nofollow">CVE-2011-3190</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190" rel="nofollow">CVE-2011-3190</a>
+</p>
 
-    <p>Apache Tomcat supports the AJP protocol which is used with reverse
+    
+<p>Apache Tomcat supports the AJP protocol which is used with reverse
        proxies to pass requests and associated data about the request from the
        reverse proxy to Tomcat. The AJP protocol is designed so that when a
        request includes a request body, an unsolicited AJP message is sent to
@@ -279,66 +685,113 @@
        information disclosure. This vulnerability only occurs when all of the
        following are true:
        <ul>
-         <li>The org.apache.jk.server.JkCoyoteHandler AJP connector is not used
+         
+<li>The org.apache.jk.server.JkCoyoteHandler AJP connector is not used
          </li>
-         <li>POST requests are accepted</li>
-         <li>The request body is not processed</li>
-       </ul>
-    </p>
+         
+<li>POST requests are accepted</li>
+         
+<li>The request body is not processed</li>
+       
+</ul>
+    
+</p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1162958">revision 1162958</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1162958">revision 1162958</a>.</p>
 
-    <p>This was reported publicly on 20th August 2011.</p>
+    
+<p>This was reported publicly on 20th August 2011.</p>
 
-    <p>Affects: 7.0.0-7.0.20</p>
+    
+<p>Affects: 7.0.0-7.0.20</p>
   
-    <p>Mitigation options:</p>  
-    <ul>
-      <li>Upgrade to Tomcat 7.0.21</li>
-      <li>Apply the appropriate <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1162958">patch</a></li>
-      <li>Configure both Tomcat and the reverse proxy to use a shared secret.<br>
+    
+<p>Mitigation options:</p>  
+    
+<ul>
+      
+<li>Upgrade to Tomcat 7.0.21</li>
+      
+<li>Apply the appropriate <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1162958">patch</a>
+</li>
+      
+<li>Configure both Tomcat and the reverse proxy to use a shared secret.<br>
        (It is "<code>requiredSecret</code>" attribute in AJP &lt;Connector&gt;,
        "<code>worker.<i>workername</i>.secret</code>" directive for mod_jk.
        The mod_proxy_ajp module currently does not support shared secrets).</li>
-    </ul>
+    
+</ul>
 
-    <p>References:</p>
-    <ul>
-      <li><a href="/tomcat-7.0-doc/config/ajp.html">AJP Connector documentation (Tomcat 7.0)</a></li>
-      <li><a href="/connectors-doc/reference/workers.html">workers.properties configuration (mod_jk)</a></li>
-    </ul>
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.20"><span style="float: right;">released 11 Aug 2011</span> Fixed in Apache Tomcat 7.0.20</h3><div class="text">
+    
+<p>References:</p>
+    
+<ul>
+      
+<li>
+<a href="/tomcat-7.0-doc/config/ajp.html">AJP Connector documentation (Tomcat 7.0)</a>
+</li>
+      
+<li>
+<a href="/connectors-doc/reference/workers.html">workers.properties configuration (mod_jk)</a>
+</li>
+    
+</ul>
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.20">
+<span style="float: right;">released 11 Aug 2011</span> Fixed in Apache Tomcat 7.0.20</h3>
+<div class="text">
 
-    <p><strong>Important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729" rel="nofollow">CVE-2011-2729</a></p>
+    
+<p>
+<strong>Important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729" rel="nofollow">CVE-2011-2729</a>
+</p>
 
-    <p>Due to a bug in the capabilities code, jsvc (the service wrapper for
+    
+<p>Due to a bug in the capabilities code, jsvc (the service wrapper for
        Linux that is part of the Commons Daemon project) does not drop
        capabilities allowing the application to access files and directories
        owned by superuser. This vulnerability only occurs when all of the
        following are true:
        <ul>
-         <li>Tomcat is running on a Linux operating system</li>
-         <li>jsvc was compiled with libcap</li>
-         <li>-user parameter is used</li>
-       </ul>
+         
+<li>Tomcat is running on a Linux operating system</li>
+         
+<li>jsvc was compiled with libcap</li>
+         
+<li>-user parameter is used</li>
+       
+</ul>
        Affected Tomcat versions shipped with source files for jsvc that included
        this vulnerability.
     </p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1153379">revision 1153379</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1153379">revision 1153379</a>.</p>
 
-    <p>This was identified by Wilfried Weissmann on 20 July 2011 and made public
+    
+<p>This was identified by Wilfried Weissmann on 20 July 2011 and made public
        on 12 August 2011.</p>
 
-    <p>Affects: 7.0.0-7.0.19</p>
+    
+<p>Affects: 7.0.0-7.0.19</p>
+  
   
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.19"><span style="float: right;">released 19 Jul 2011</span> Fixed in Apache Tomcat 7.0.19</h3><div class="text">
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.19">
+<span style="float: right;">released 19 Jul 2011</span> Fixed in Apache Tomcat 7.0.19</h3>
+<div class="text">
 
-    <p><strong>Low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526" rel="nofollow">CVE-2011-2526</a></p>
+    
+<p>
+<strong>Low: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526" rel="nofollow">CVE-2011-2526</a>
+</p>
 
-    <p>Tomcat provides support for sendfile with the HTTP NIO and HTTP APR
+    
+<p>Tomcat provides support for sendfile with the HTTP NIO and HTTP APR
        connectors. sendfile is used automatically for content served via the
        DefaultServlet and deployed web applications may use it directly via
        setting request attributes. These request attributes were not validated.
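Review bot: the `<ul>` inside the `<p>` that opens with `<p>Apache Tomcat supports the AJP protocol which is used with reverse` is invalid nesting (a `<ul>` cannot be a child of `<p>`, so browsers implicitly close the paragraph at `<ul>` and the later `</p>` is orphaned), and the jsvc entry has the same shape (`<p>Due to a bug in the capabilities code` followed by `<ul>` and a trailing `</p>`). Since this commit already touches the generator, closing the paragraph before the list in the xdoc source would fix both. Two smaller points in the same hunk: `<p>Mitigation options:</p>  ` keeps two trailing spaces, and the shared-secret item reads `It is "<code>requiredSecret</code>" attribute`, which wants the article: `It is the "requiredSecret" attribute`.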
@@ -346,43 +799,62 @@
        malicious web application to do one or more of the following that would
        normally be prevented by a security manager:
        <ul>
-         <li>return files to users that the security manager should make
+         
+<li>return files to users that the security manager should make
              inaccessible</li>
-         <li>terminate (via a crash) the JVM</li>
-       </ul>
+         
+<li>terminate (via a crash) the JVM</li>
+       
+</ul>
        Additionally, these vulnerabilities only occur when all of the following
        are true:
        <ul>
-         <li>untrusted web applications are being used</li>
-         <li>the SecurityManager is used to limit the untrusted web applications
+         
+<li>untrusted web applications are being used</li>
+         
+<li>the SecurityManager is used to limit the untrusted web applications
              </li>
-         <li>the HTTP NIO or HTTP APR connector is used</li>
-         <li>sendfile is enabled for the connector (this is the default)</li>
-       </ul>
-    </p>
+         
+<li>the HTTP NIO or HTTP APR connector is used</li>
+         
+<li>sendfile is enabled for the connector (this is the default)</li>
+       
+</ul>
+    
+</p>
 
-    <p>This was fixed in revisions
+    
+<p>This was fixed in revisions
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1145383">1145383</a>,
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1145489">1145489</a>,
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1145571">1145571</a>,
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1145694">1145694</a> and
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1146005">1146005</a>.</p>
 
-    <p>This was identified by the Tomcat security team on 7 July 2011 and
+    
+<p>This was identified by the Tomcat security team on 7 July 2011 and
        made public on 13 July 2011.</p>
 
-    <p>Affects: 7.0.0-7.0.18</p>
+    
+<p>Affects: 7.0.0-7.0.18</p>
   
-    <p><i>Note: The issues below were fixed in Apache Tomcat 7.0.17 but the
+    
+<p>
+<i>Note: The issues below were fixed in Apache Tomcat 7.0.17 but the
        release votes for the 7.0.17 and 7.0.18 release candidates did not pass.
        Therefore, although users must download 7.0.19 to obtain a version that
        includes a fix for these issues, versions 7.0.17 and 7.0.18 are not
-       included in the list of affected versions.</i></p>
+       included in the list of affected versions.</i>
+</p>
 
-    <p><strong>Low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204" rel="nofollow">CVE-2011-2204</a></p>
+    
+<p>
+<strong>Low: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204" rel="nofollow">CVE-2011-2204</a>
+</p>
 
-    <p>When using the MemoryUserDatabase (based on tomcat-users.xml) and
+    
+<p>When using the MemoryUserDatabase (based on tomcat-users.xml) and
        creating users via JMX, an exception during the user creation process may
        trigger an error message in the JMX client that includes the user's
        password. This error message is also written to the Tomcat logs. User
@@ -391,17 +863,24 @@
        do not have these permissions but are able to read log files may be able
        to discover a user's password.</p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1140070">revision 1140070</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1140070">revision 1140070</a>.</p>
 
-    <p>This was identified by Polina Genova on 14 June 2011 and
+    
+<p>This was identified by Polina Genova on 14 June 2011 and
        made public on 27 June 2011.</p>
 
-    <p>Affects: 7.0.0-7.0.16</p>
+    
+<p>Affects: 7.0.0-7.0.16</p>
   
-    <p><strong>Low: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481" rel="nofollow">CVE-2011-2481</a></p>
+    
+<p>
+<strong>Low: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481" rel="nofollow">CVE-2011-2481</a>
+</p>
 
-    <p>The re-factoring of XML validation for Tomcat 7.0.x re-introduced the
+    
+<p>The re-factoring of XML validation for Tomcat 7.0.x re-introduced the
        vulnerability previously reported as <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783" rel="nofollow">CVE-2009-0783</a>.
        This was initially
        <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=51395">
@@ -410,38 +889,60 @@
        view and/or alter the web.xml, context.xml and tld files of other web
        applications deployed on the Tomcat instance.</p>
 
-    <p>This was first fixed in
+    
+<p>This was first fixed in
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1137753">revision 1137753</a>, 
        but reverted in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1138776">revision 1138776</a> and
        finally fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1138788">revision 1138788</a>.</p>
 
-    <p>This was identified by the Tomcat security team on 20 June 2011 and
+    
+<p>This was identified by the Tomcat security team on 20 June 2011 and
        made public on 12 August 2011.</p>
 
-    <p>Affects: 7.0.0-7.0.16</p>
+    
+<p>Affects: 7.0.0-7.0.16</p>
+  
   
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.14"><span style="float: right;">released 12 May 2011</span> Fixed in Apache Tomcat 7.0.14</h3><div class="text">
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.14">
+<span style="float: right;">released 12 May 2011</span> Fixed in Apache Tomcat 7.0.14</h3>
+<div class="text">
 
-    <p><strong>Important: Security constraint bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582" rel="nofollow">CVE-2011-1582</a></p>
+    
+<p>
+<strong>Important: Security constraint bypass</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582" rel="nofollow">CVE-2011-1582</a>
+</p>
 
-    <p>An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security
+    
+<p>An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security
        constraints configured via annotations were ignored on the first request
        to a Servlet. Subsequent requests were secured correctly.</p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1100832">revision 1100832</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1100832">revision 1100832</a>.</p>
 
-    <p>This was identified by the Tomcat security team on 13 April 2011 and
+    
+<p>This was identified by the Tomcat security team on 13 April 2011 and
        made public on 17 May 2011.</p>
 
-    <p>Affects: 7.0.12-7.0.13</p>
+    
+<p>Affects: 7.0.12-7.0.13</p>
   
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.12"><span style="float: right;">released 6 Apr 2011</span> Fixed in Apache Tomcat 7.0.12</h3><div class="text">
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.12">
+<span style="float: right;">released 6 Apr 2011</span> Fixed in Apache Tomcat 7.0.12</h3>
+<div class="text">
 
-    <p><strong>Important: Information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1475" rel="nofollow">CVE-2011-1475</a></p>
+    
+<p>
+<strong>Important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1475" rel="nofollow">CVE-2011-1475</a>
+</p>
 
-    <p>Changes introduced to the HTTP BIO connector to support Servlet 3.0
+    
+<p>Changes introduced to the HTTP BIO connector to support Servlet 3.0
        asynchronous requests did not fully account for HTTP pipelining. As a
        result, when using HTTP pipelining a range of unexpected behaviours
        occurred including the mixing up of responses between requests. While
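Review bot: in the CVE-2011-1582 entry the sentence `An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security` names two CVEs as plain text, while every other CVE reference on the page (for example `CVE-2009-0783` in the CVE-2011-2481 entry) is a link to cve.mitre.org. Linking these two the same way lets readers jump to the related entries, which matters here because the three fixes form a chain.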
@@ -449,20 +950,27 @@
        user, a mix-up of responses for requests from different users may also be
        possible.</p>
 
-    <p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1086349">1086349</a> and
+    
+<p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1086349">1086349</a> and
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1086352">1086352</a>.
        (Note: HTTP pipelined requests are still likely to fail with the
        HTTP BIO connector but will do so in a secure manner.)</p>
 
-    <p>This was reported publicly on the Tomcat Bugzilla issue tracker on 22 Mar
+    
+<p>This was reported publicly on the Tomcat Bugzilla issue tracker on 22 Mar
        2011.</p>
 
-    <p>Affects: 7.0.0-7.0.11</p>
+    
+<p>Affects: 7.0.0-7.0.11</p>
 
-    <p><strong>Moderate: Multiple weaknesses in HTTP DIGEST authentication</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184" rel="nofollow">CVE-2011-1184</a></p>
+    
+<p>
+<strong>Moderate: Multiple weaknesses in HTTP DIGEST authentication</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184" rel="nofollow">CVE-2011-1184</a>
+</p>
 
-    <p>Note: Mitre elected to break this issue down into multiple issues and
+    
+<p>Note: Mitre elected to break this issue down into multiple issues and
        have allocated the following additional references to parts of this
        issue:
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062" rel="nofollow">CVE-2011-5062</a>,
@@ -471,123 +979,196 @@
        continue to treat this as a single issue using the reference
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184" rel="nofollow">CVE-2011-1184</a>.</p>
 
-    <p>The implementation of HTTP DIGEST authentication was discovered to have
+    
+<p>The implementation of HTTP DIGEST authentication was discovered to have
        several weaknesses:
        <ul>
-         <li>replay attacks were permitted</li>
-         <li>server nonces were not checked</li>
-         <li>client nonce counts were not checked</li>
-         <li>qop values were not checked</li>
-         <li>realm values were not checked</li>
-         <li>the server secret was hard-coded to a known string</li>
-       </ul>
+         
+<li>replay attacks were permitted</li>
+         
+<li>server nonces were not checked</li>
+         
+<li>client nonce counts were not checked</li>
+         
+<li>qop values were not checked</li>
+         
+<li>realm values were not checked</li>
+         
+<li>the server secret was hard-coded to a known string</li>
+       
+</ul>
        The result of these weaknesses is that DIGEST authentication was only as
        secure as BASIC authentication.
     </p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1087655">revision 1087655</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1087655">revision 1087655</a>.</p>
 
-    <p>This was identified by the Tomcat security team on 16 March 2011 and
+    
+<p>This was identified by the Tomcat security team on 16 March 2011 and
        made public on 26 September 2011.</p>
 
-    <p>Affects: 7.0.0-7.0.11</p>
+    
+<p>Affects: 7.0.0-7.0.11</p>
 
-    <p><strong>Important: Security constraint bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1183" rel="nofollow">CVE-2011-1183</a></p>
+    
+<p>
+<strong>Important: Security constraint bypass</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1183" rel="nofollow">CVE-2011-1183</a>
+</p>
 
-    <p>A regression in the fix for CVE-2011-1088 meant that security constraints
+    
+<p>A regression in the fix for CVE-2011-1088 meant that security constraints
        were ignored when no login configuration was present in the web.xml and
        the web application was marked as meta-data complete.</p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1087643">revision 1087643</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1087643">revision 1087643</a>.</p>
 
-    <p>This was identified by the Tomcat security team on 17 March 2011 and
+    
+<p>This was identified by the Tomcat security team on 17 March 2011 and
        made public on 6 April 2011.</p>
 
-    <p>Affects: 7.0.11</p>
+    
+<p>Affects: 7.0.11</p>
 
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.11"><span style="float: right;">released 11 Mar 2011</span> Fixed in Apache Tomcat 7.0.11</h3><div class="text">
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.11">
+<span style="float: right;">released 11 Mar 2011</span> Fixed in Apache Tomcat 7.0.11</h3>
+<div class="text">
 
-    <p><strong>Important: Security constraint bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1088" rel="nofollow">CVE-2011-1088</a></p>
+    
+<p>
+<strong>Important: Security constraint bypass</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1088" rel="nofollow">CVE-2011-1088</a>
+</p>
 
-    <p>When a web application was started, <code>ServletSecurity</code>
+    
+<p>When a web application was started, <code>ServletSecurity</code>
        annotations were ignored. This meant that some areas of the application
        may not have been protected as expected. This was partially fixed in
        Apache Tomcat 7.0.10 and fully fixed in 7.0.11.</p>
 
-    <p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1076586">1076586</a>,
+    
+<p>This was fixed in revisions <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1076586">1076586</a>,
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1076587">1076587</a>,
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1077995">1077995</a> and
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1079752">1079752</a>.</p>
 
-    <p>This was reported publicly on the Tomcat users mailing list on 2 Mar
+    
+<p>This was reported publicly on the Tomcat users mailing list on 2 Mar
        2011.</p>
 
-    <p>Affects: 7.0.0-7.0.10</p>
+    
+<p>Affects: 7.0.0-7.0.10</p>
 
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.8"><span style="float: right;">released 5 Feb 2011</span> Fixed in Apache Tomcat 7.0.8</h3><div class="text">
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.8">
+<span style="float: right;">released 5 Feb 2011</span> Fixed in Apache Tomcat 7.0.8</h3>
+<div class="text">
 
-    <p><i>Note: The issue below was fixed in Apache Tomcat 7.0.7 but the
+    
+<p>
+<i>Note: The issue below was fixed in Apache Tomcat 7.0.7 but the
        release vote for the 7.0.7 release candidate did not pass. Therefore,
        although users must download 7.0.8 to obtain a version that includes a
        fix for this issue, version 7.0.7 is not included in the list of
-       affected versions.</i></p>
+       affected versions.</i>
+</p>
 
-    <p><strong>Important: Remote Denial Of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534" rel="nofollow">CVE-2011-0534</a></p>
+    
+<p>
+<strong>Important: Remote Denial Of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534" rel="nofollow">CVE-2011-0534</a>
+</p>
 
-    <p>The NIO connector expands its buffer endlessly during request line
+    
+<p>The NIO connector expands its buffer endlessly during request line
        processing. That behaviour can be used for a denial of service attack
        using a carefully crafted request.</p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1065939">revision 1065939</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1065939">revision 1065939</a>.</p>
 
-    <p>This was identified by the Tomcat security team on 27 Jan 2011 and
+    
+<p>This was identified by the Tomcat security team on 27 Jan 2011 and
        made public on 5 Feb 2011.</p>
 
-    <p>Affects: 7.0.0-7.0.6</p>
+    
+<p>Affects: 7.0.0-7.0.6</p>
 
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.6"><span style="float: right;">released 14 Jan 2011</span> Fixed in Apache Tomcat 7.0.6</h3><div class="text">
   
-    <p><strong>Low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013" rel="nofollow">CVE-2011-0013</a></p>
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.6">
+<span style="float: right;">released 14 Jan 2011</span> Fixed in Apache Tomcat 7.0.6</h3>
+<div class="text">
+  
+    
+<p>
+<strong>Low: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013" rel="nofollow">CVE-2011-0013</a>
+</p>
 
-    <p>The HTML Manager interface displayed web application provided data, such
+    
+<p>The HTML Manager interface displayed web application provided data, such
        as display names, without filtering. A malicious web application could
        trigger script execution by an administrative user when viewing the
        manager pages.</p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1057279">revision 1057279</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1057279">revision 1057279</a>.</p>
 
-    <p>This was identified by the Tomcat security team on 12 Nov 2010 and
+    
+<p>This was identified by the Tomcat security team on 12 Nov 2010 and
        made public on 5 Feb 2011.</p>
 
-    <p>Affects: 7.0.0-7.0.5</p>
+    
+<p>Affects: 7.0.0-7.0.5</p>
   
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.5"><span style="float: right;">released 1 Dec 2010</span> Fixed in Apache Tomcat 7.0.5</h3><div class="text">
   
-    <p><strong>Low: Cross-site scripting</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172" rel="nofollow">CVE-2010-4172</a></p>
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.5">
+<span style="float: right;">released 1 Dec 2010</span> Fixed in Apache Tomcat 7.0.5</h3>
+<div class="text">
+  
+    
+<p>
+<strong>Low: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172" rel="nofollow">CVE-2010-4172</a>
+</p>
 
-    <p>The Manager application used the user provided parameters sort and
+    
+<p>The Manager application used the user provided parameters sort and
        orderBy directly without filtering thereby permitting cross-site
        scripting. The CSRF protection, which is enabled by default, prevents an
        attacker from exploiting this.</p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1037778">revision 1037778</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1037778">revision 1037778</a>.</p>
 
-    <p>This was first reported to the Tomcat security team on 15 Nov 2010 and
+    
+<p>This was first reported to the Tomcat security team on 15 Nov 2010 and
        made public on 22 Nov 2010.</p>
 
-    <p>Affects: 7.0.0-7.0.4</p>
+    
+<p>Affects: 7.0.0-7.0.4</p>
+  
   
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.4"><span style="float: right;">released 21 Oct 2010</span> Fixed in Apache Tomcat 7.0.4</h3><div class="text">
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.4">
+<span style="float: right;">released 21 Oct 2010</span> Fixed in Apache Tomcat 7.0.4</h3>
+<div class="text">
 
-    <p><strong>Low: SecurityManager file permission bypass</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718" rel="nofollow">CVE-2010-3718</a></p>
+    
+<p>
+<strong>Low: SecurityManager file permission bypass</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718" rel="nofollow">CVE-2010-3718</a>
+</p>
 
-    <p>When running under a SecurityManager, access to the file system is
+    
+<p>When running under a SecurityManager, access to the file system is
        limited but web applications are granted read/write permissions to the
        work directory. This directory is used for a variety of temporary files
        such as the intermediate files generated when compiling JSPs to Servlets.
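Review bot: the CVE-2010-4172 entry says `The Manager application used the user provided parameters sort and orderBy directly without filtering`; `sort` and `orderBy` are literal request parameter names and should be wrapped in `<code>` the way `requiredSecret` and `ServletSecurity` are elsewhere on this page, otherwise `sort` reads as an English word and the sentence is ambiguous.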
@@ -601,51 +1182,76 @@
        applicable when hosting web applications from untrusted sources such as
        shared hosting environments.</p>
 
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1022134">revision 1022134</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1022134">revision 1022134</a>.</p>
 
-    <p>This was discovered by the Tomcat security team on 12 Oct 2010 and
+    
+<p>This was discovered by the Tomcat security team on 12 Oct 2010 and
        made public on 5 Feb 2011.</p>
 
-    <p>Affects: 7.0.0-7.0.3</p>
+    
+<p>Affects: 7.0.0-7.0.3</p>
+  
   
-  </div><h3 id="Fixed_in_Apache_Tomcat_7.0.2"><span style="float: right;">released 11 Aug 2010</span> Fixed in Apache Tomcat 7.0.2</h3><div class="text">
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.2">
+<span style="float: right;">released 11 Aug 2010</span> Fixed in Apache Tomcat 7.0.2</h3>
+<div class="text">
   
-    <p><i>Note: The issue below was fixed in Apache Tomcat 7.0.1 but the
+    
+<p>
+<i>Note: The issue below was fixed in Apache Tomcat 7.0.1 but the
        release vote for the 7.0.1 release candidate did not pass. Therefore,
        although users must download 7.0.2 to obtain a version that includes a
        fix for this issue, version 7.0.2 is not included in the list of
-       affected versions.</i></p>
+       affected versions.</i>
+</p>
          
-    <p><strong>Important: Remote Denial Of Service and Information Disclosure
+    
+<p>
+<strong>Important: Remote Denial Of Service and Information Disclosure
        Vulnerability</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227" rel="nofollow">CVE-2010-2227</a></p>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227" rel="nofollow">CVE-2010-2227</a>
+</p>
 
-    <p>Several flaws in the handling of the 'Transfer-Encoding' header were
+    
+<p>Several flaws in the handling of the 'Transfer-Encoding' header were
        found that prevented the recycling of a buffer. A remote attacker could
        trigger this flaw which would cause subsequent requests to fail and/or
        information to leak between requests. This flaw is mitigated if Tomcat is
        behind a reverse proxy (such as Apache httpd 2.2) as the proxy should
        reject the invalid transfer encoding header.</p>
        
-    <p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=958911">revision 958911</a>.</p>
+    
+<p>This was fixed in <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=958911">revision 958911</a>.</p>
 
-    <p>This was first reported to the Tomcat security team on 14 Jun 2010 and
+    
+<p>This was first reported to the Tomcat security team on 14 Jun 2010 and
        made public on 9 Jul 2010.</p>
 
-    <p>Affects: 7.0.0</p>
+    
+<p>Affects: 7.0.0</p>
 
-  </div><h3 id="Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</h3><div class="text">
   
-    <p><strong>Low: Denial Of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5568" rel="nofollow">CVE-2012-5568</a></p>
+</div>
+<h3 id="Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</h3>
+<div class="text">
+  
+    
+<p>
+<strong>Low: Denial Of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5568" rel="nofollow">CVE-2012-5568</a>
+</p>
 
-    <p>Sending an HTTP request 1 byte at a time will consume a thread from the
+    
+<p>Sending an HTTP request 1 byte at a time will consume a thread from the
        connection pool until the request has been fully processed if using the
        BIO or APR/native HTTP connectors. Multiple requests may be used to
        consume all threads in the connection pool thereby creating a denial of
        service.</p>
 
-    <p>Since the relationship between the client side resources and server side
+    
+<p>Since the relationship between the client side resources and server side
        resources is a linear one, this issue is not something that the Tomcat
        Security Team views as a vulnerability. This is a generic DoS problem and
        there is no magic solution. This issue has been discussed several times
@@ -654,85 +1260,124 @@
        <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=54263">bug
        54236</a>.</p>
 
-    <p>This was first discussed on the public Tomcat users mailing list on 19
+    
+<p>This was first discussed on the public Tomcat users mailing list on 19
        June 2009.</p>
 
-    <p>Affects: 7.0.0-7.0.x</p>
+    
+<p>Affects: 7.0.0-7.0.x</p>
 
-    <p><strong>Important: Remote Denial Of Service</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476" rel="nofollow">CVE-2010-4476</a></p>
+    
+<p>
+<strong>Important: Remote Denial Of Service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476" rel="nofollow">CVE-2010-4476</a>
+</p>
 
-    <p>A JVM bug could cause Double conversion to hang JVM when accessing to a
+    
+<p>A JVM bug could cause Double conversion to hang JVM when accessing to a
        form based security constrained page or any page that calls
        javax.servlet.ServletRequest.getLocale() or
        javax.servlet.ServletRequest.getLocales(). A specially crafted request
        can be used to trigger a denial of service.
     </p>
 
-    <p>A work-around for this JVM bug was provided in 
+    
+<p>A work-around for this JVM bug was provided in 
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1066244">revision 1066244</a>.</p>
 
-    <p>This was first reported to the Tomcat security team on 01 Feb 2011 and
+    
+<p>This was first reported to the Tomcat security team on 01 Feb 2011 and
        made public on 31 Jan 2011.</p>
 
-    <p>Affects: 7.0.0-7.0.6</p>
+    
+<p>Affects: 7.0.0-7.0.6</p>
 
-    <p><strong>Moderate: TLS SSL Man In The Middle</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" rel="nofollow">CVE-2009-3555</a></p>
+    
+<p>
+<strong>Moderate: TLS SSL Man In The Middle</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" rel="nofollow">CVE-2009-3555</a>
+</p>
 
-    <p>A vulnerability exists in the TLS protocol that allows an attacker to
+    
+<p>A vulnerability exists in the TLS protocol that allows an attacker to
        inject arbitrary requests into an TLS stream during renegotiation.</p>
     
-    <p>The TLS implementation used by Tomcat varies with connector. The blocking
+    
+<p>The TLS implementation used by Tomcat varies with connector. The blocking
        IO (BIO) and non-blocking (NIO) connectors use the JSSE implementation
        provided by the JVM. The APR/native connector uses OpenSSL.</p>
        
-    <p>The BIO connector is vulnerable if the JSSE version used is vulnerable.
+    
+<p>The BIO connector is vulnerable if the JSSE version used is vulnerable.
        To workaround a vulnerable version of JSSE, use the connector attribute
        <code>allowUnsafeLegacyRenegotiation</code>. It should be set to
        <code>false</code> (the default) to protect against this vulnerability.
        </p>
        
-    <p>The NIO connector prior to 7.0.10 is not vulnerable as it does not
+    
+<p>The NIO connector prior to 7.0.10 is not vulnerable as it does not
        support renegotiation.</p>
        
-    <p>The NIO connector is vulnerable from version 7.0.10 onwards if the JSSE
+    
+<p>The NIO connector is vulnerable from version 7.0.10 onwards if the JSSE
        version used is vulnerable. To workaround a vulnerable version of JSSE,
        use the connector attribute <code>allowUnsafeLegacyRenegotiation</code>.
        It should be set to <code>false</code> (the default) to protect against
        this vulnerability.</p>
        
-    <p>The APR/native workarounds are detailed on the
+    
+<p>The APR/native workarounds are detailed on the
        <a href="security-native.html">APR/native connector security page</a>.
        </p>
        
-    <p>Users should be aware that the impact of disabling renegotiation will
+    
+<p>Users should be aware that the impact of disabling renegotiation will
        vary with both application and client. In some circumstances disabling
        renegotiation may result in some clients being unable to access the
        application.</p>
 
-    <p>This was worked-around in
+    
+<p>This was worked-around in
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=882320">revision 891292</a>.</p>
 
-    <p>Support for the new TLS renegotiation protocol (RFC 5746) that does not
+    
+<p>Support for the new TLS renegotiation protocol (RFC 5746) that does not
        have this security issue:</p>
 
-    <ul>
-      <li>For connectors using JSSE implementation provided by JVM:
+    
+<ul>
+      
+<li>For connectors using JSSE implementation provided by JVM:
         Added in Tomcat 7.0.8.<br>
         Requires JRE that supports RFC 5746. For Oracle JRE that is
         <a rel="nofollow" href="http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html">known</a>
         to be 6u22 or later.
       </li>
-      <li>For connectors using APR and OpenSSL:<br>
+      
+<li>For connectors using APR and OpenSSL:<br>
         TBD. See
         <a href="security-native.html">APR/native connector security page</a>.
       </li>
-    </ul>
+    
+</ul>
 
-  </div></main></div></div></div></div><!--[if IE]><div id="footer"><![endif]--><!--[if !IE]>--><footer id="footer"><!--<![endif]-->
+  
+</div>
+</main>
+</div>
+</div>
+</div>
+</div>
+<!--[if IE]><div id="footer"><![endif]-->
+<!--[if !IE]>-->
+<footer id="footer">
+<!--<![endif]-->
     Copyright &copy; 1999-2013, The Apache Software Foundation
     <br>
     Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
     project logo are trademarks of the Apache Software Foundation.
-    <!--[if IE]></div><![endif]--><!--[if !IE]>--></footer><!--<![endif]--></div></body></html>
\ No newline at end of file
+    <!--[if IE]></div><![endif]--><!--[if !IE]>--></footer>
+<!--<![endif]-->
+</div>
+</body>
+</html>
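Review bot: the CVE-2009-3555 work-around link in this hunk disagrees with its own text: `<a href="http://svn.apache.org/viewvc?view=rev&amp;rev=882320">revision 891292</a>` points at rev=882320 while the anchor reads revision 891292, and since the regeneration preserves it, the fix belongs in the xdocs source rather than here. Two further inconsistencies are carried through unchanged in the same hunk and deserve the same treatment: the bug link near the top has `show_bug.cgi?id=54263` but the anchor text says "bug 54236", and the CVE-2010-4476 entry reports a disclosure timeline of "first reported to the Tomcat security team on 01 Feb 2011 and made public on 31 Jan 2011", i.e. public a day before it was reported, so one of those dates is wrong. Minor wording in the same text also survives: "inject arbitrary requests into an TLS stream" should read "a TLS stream", and "hang JVM when accessing to a form based security constrained page" reads better as "hang the JVM when accessing a form-based security-constrained page". The new `+</ul>` block after the RFC 5746 list is correct and matches the opening `+<ul>`.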

Modified: tomcat/site/trunk/docs/security-8.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1521874&r1=1521873&r2=1521874&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Wed Sep 11 14:30:22 2013
@@ -1,8 +1,238 @@
 <!DOCTYPE html SYSTEM "about:legacy-compat">
-<html lang="en"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><link href="stylesheets/tomcat.css" rel="stylesheet" type="text/css"><!--[if IE]><link href="stylesheets/tomcat-ie-fix.css" rel="stylesheet" type="text/css"/><![endif]--><link href="stylesheets/tomcat-printer.css" rel="stylesheet" type="text/css" media="print"><title>Apache Tomcat - Apache Tomcat 8 vulnerabilities</title><meta name="author" content="Apache Tomcat Project"></head><body><div id="wrapper"><!--[if IE]><div id="header"><![endif]--><!--[if !IE]>--><header id="header"><!--<![endif]--><div><div><div class="logo noPrint"><a href=""><img alt="Tomcat Home" src="./images/tomcat.png"></a></div><div style="height: 1px;"></div><div class="asfLogo"><a href="http://www.apache.org/" target="_blank"><img src="http://www.apache.org/images/feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a></div><h1 style="margin-top: 35px;">Apache Tomcat</h1><div style="clear:
  right;"></div><div class="searchbox noPrint"><form action="http://www.google.com/search" method="get"><input value="tomcat.apache.org" name="sitesearch" type="hidden"><input placeholder="Search the Site&hellip;" required="required" size="25" name="q" id="query" type="search"><button>Search</button></form></div><div style="height: 1px;"></div><div style="clear: left;"></div></div></div><!--[if IE]></div><![endif]--><!--[if !IE]>--></header><!--<![endif]--><div id="middle"><div><div id="mainLeft" class="noprint"><div><nav><div><h2><strong>Apache Tomcat</strong></h2><ul><li><a href="./index.html">Home</a></li><li><a href="./taglibs/">Taglibs</a></li><li><a href="./maven-plugin.html">Maven Plugin</a></li></ul></div><div><h2><strong>Download</strong></h2><ul><li><a href="./whichversion.html">Which version?</a></li><li><a href="./download-80.cgi">Tomcat 8.0</a></li><li><a href="./download-70.cgi">Tomcat 7.0</a></li><li><a href="./download-60.cgi">Tomcat 6.0</a></li><li><a href="./downloa
 d-connectors.cgi">Tomcat Connectors</a></li><li><a href="./download-native.cgi">Tomcat Native</a></li><li><a href="http://archive.apache.org/dist/tomcat/">Archives</a></li></ul></div><div><h2><strong>Documentation</strong></h2><ul><li><a href="./tomcat-8.0-doc/index.html">Tomcat 8.0</a></li><li><a href="./tomcat-7.0-doc/index.html">Tomcat 7.0</a></li><li><a href="./tomcat-6.0-doc/index.html">Tomcat 6.0</a></li><li><a href="./connectors-doc/">Tomcat Connectors</a></li><li><a href="./native-doc/">Tomcat Native</a></li><li><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></li><li><a href="./migration.html">Migration Guide</a></li></ul></div><div><h2><strong>Problems?</strong></h2><ul><li><a href="./security.html">Security Reports</a></li><li><a href="./findhelp.html">Find help</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li><li><a href="./lists.html">Mailing Lists</a></li><li><a href="./bugreport.html">Bug Database</a></li><li><a href="./irc.html">IRC</a></
 li></ul></div><div><h2><strong>Get Involved</strong></h2><ul><li><a href="./getinvolved.html">Overview</a></li><li><a href="./svn.html">SVN Repositories</a></li><li><a href="./ci.html">Buildbot</a></li><li><a href="https://reviews.apache.org/groups/tomcat/">Reviewboard</a></li><li><a href="./tools.html">Tools</a></li></ul></div><div><h2><strong>Media</strong></h2><ul><li><a href="http://blogs.apache.org/tomcat/">Blog</a></li><li><a href="http://twitter.com/theapachetomcat">Twitter</a></li></ul></div><div><h2><strong>Misc</strong></h2><ul><li><a href="./whoweare.html">Who We Are</a></li><li><a href="./heritage.html">Heritage</a></li><li><a href="http://www.apache.org">Apache Home</a></li><li><a href="./resources.html">Resources</a></li><li><a href="./contact.html">Contact</a></li><li><a href="./legal.html">Legal</a></li><li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li><li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li></ul></d
 iv></nav></div></div><div id="mainRight"><div id="content"><main><h2 style="display: none;">Content</h2><h3 id="Table_of_Contents">Table of Contents</h3><div class="text">
-<ul><li><a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x vulnerabilities</a></li><li><a href="#Fixed_in_Apache_Tomcat_8.0.0-RC1">Fixed in Apache Tomcat 8.0.0-RC1</a></li><li><a href="#Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</a></li></ul>
-</div><h3 id="Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x vulnerabilities</h3><div class="text">
-    <p>This page lists all security vulnerabilities fixed in released versions
+<html lang="en">
+<head>
+<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link href="stylesheets/tomcat.css" rel="stylesheet" type="text/css">
+<!--[if IE]><link href="stylesheets/tomcat-ie-fix.css" rel="stylesheet" type="text/css"/><![endif]-->
+<link href="stylesheets/tomcat-printer.css" rel="stylesheet" type="text/css" media="print">
+<title>Apache Tomcat - Apache Tomcat 8 vulnerabilities</title>
+<meta name="author" content="Apache Tomcat Project">
+</head>
+<body>
+<div id="wrapper">
+<!--[if IE]><div id="header"><![endif]-->
+<!--[if !IE]>-->
+<header id="header">
+<!--<![endif]-->
+<div>
+<div>
+<div class="logo noPrint">
+<a href=""><img alt="Tomcat Home" src="./images/tomcat.png"></a>
+</div>
+<div style="height: 1px;"></div>
+<div class="asfLogo">
+<a href="http://www.apache.org/" target="_blank"><img src="http://www.apache.org/images/feather.png" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a>
+</div>
+<h1 style="margin-top: 35px;">Apache Tomcat</h1>
+<div style="clear: right;"></div>
+<div class="searchbox noPrint">
+<form action="http://www.google.com/search" method="get">
+<input value="tomcat.apache.org" name="sitesearch" type="hidden"><input placeholder="Search the Site&hellip;" required="required" size="25" name="q" id="query" type="search"><button>Search</button>
+</form>
+</div>
+<div style="height: 1px;"></div>
+<div style="clear: left;"></div>
+</div>
+</div>
+<!--[if IE]></div><![endif]-->
+<!--[if !IE]>-->
+</header>
+<!--<![endif]-->
+<div id="middle">
+<div>
+<div id="mainLeft" class="noprint">
+<div>
+<nav>
+<div>
+<h2>
+<strong>Apache Tomcat</strong>
+</h2>
+<ul>
+<li>
+<a href="./index.html">Home</a>
+</li>
+<li>
+<a href="./taglibs/">Taglibs</a>
+</li>
+<li>
+<a href="./maven-plugin.html">Maven Plugin</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Download</strong>
+</h2>
+<ul>
+<li>
+<a href="./whichversion.html">Which version?</a>
+</li>
+<li>
+<a href="./download-80.cgi">Tomcat 8.0</a>
+</li>
+<li>
+<a href="./download-70.cgi">Tomcat 7.0</a>
+</li>
+<li>
+<a href="./download-60.cgi">Tomcat 6.0</a>
+</li>
+<li>
+<a href="./download-connectors.cgi">Tomcat Connectors</a>
+</li>
+<li>
+<a href="./download-native.cgi">Tomcat Native</a>
+</li>
+<li>
+<a href="http://archive.apache.org/dist/tomcat/">Archives</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Documentation</strong>
+</h2>
+<ul>
+<li>
+<a href="./tomcat-8.0-doc/index.html">Tomcat 8.0</a>
+</li>
+<li>
+<a href="./tomcat-7.0-doc/index.html">Tomcat 7.0</a>
+</li>
+<li>
+<a href="./tomcat-6.0-doc/index.html">Tomcat 6.0</a>
+</li>
+<li>
+<a href="./connectors-doc/">Tomcat Connectors</a>
+</li>
+<li>
+<a href="./native-doc/">Tomcat Native</a>
+</li>
+<li>
+<a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a>
+</li>
+<li>
+<a href="./migration.html">Migration Guide</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Problems?</strong>
+</h2>
+<ul>
+<li>
+<a href="./security.html">Security Reports</a>
+</li>
+<li>
+<a href="./findhelp.html">Find help</a>
+</li>
+<li>
+<a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a>
+</li>
+<li>
+<a href="./lists.html">Mailing Lists</a>
+</li>
+<li>
+<a href="./bugreport.html">Bug Database</a>
+</li>
+<li>
+<a href="./irc.html">IRC</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Get Involved</strong>
+</h2>
+<ul>
+<li>
+<a href="./getinvolved.html">Overview</a>
+</li>
+<li>
+<a href="./svn.html">SVN Repositories</a>
+</li>
+<li>
+<a href="./ci.html">Buildbot</a>
+</li>
+<li>
+<a href="https://reviews.apache.org/groups/tomcat/">Reviewboard</a>
+</li>
+<li>
+<a href="./tools.html">Tools</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Media</strong>
+</h2>
+<ul>
+<li>
+<a href="http://blogs.apache.org/tomcat/">Blog</a>
+</li>
+<li>
+<a href="http://twitter.com/theapachetomcat">Twitter</a>
+</li>
+</ul>
+</div>
+<div>
+<h2>
+<strong>Misc</strong>
+</h2>
+<ul>
+<li>
+<a href="./whoweare.html">Who We Are</a>
+</li>
+<li>
+<a href="./heritage.html">Heritage</a>
+</li>
+<li>
+<a href="http://www.apache.org">Apache Home</a>
+</li>
+<li>
+<a href="./resources.html">Resources</a>
+</li>
+<li>
+<a href="./contact.html">Contact</a>
+</li>
+<li>
+<a href="./legal.html">Legal</a>
+</li>
+<li>
+<a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a>
+</li>
+<li>
+<a href="http://www.apache.org/foundation/thanks.html">Thanks</a>
+</li>
+</ul>
+</div>
+</nav>
+</div>
+</div>
+<div id="mainRight">
+<div id="content">
+<main>
+<h2 style="display: none;">Content</h2>
+<h3 id="Table_of_Contents">Table of Contents</h3>
+<div class="text">
+
+<ul>
+<li>
+<a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x vulnerabilities</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_8.0.0-RC1">Fixed in Apache Tomcat 8.0.0-RC1</a>
+</li>
+<li>
+<a href="#Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</a>
+</li>
+</ul>
+
+</div>
+<h3 id="Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x vulnerabilities</h3>
+<div class="text">
+    
+<p>This page lists all security vulnerabilities fixed in released versions
        of Apache Tomcat 8.x. Each vulnerability is given a
        <a href="security-impact.html">security impact rating</a> by the Apache
        Tomcat security team &mdash; please note that this rating may vary from
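Review bot: this hunk is a one-tag-per-line pretty-print of the same generated header and navigation, so every `-` line reappears as many `+` lines with no content change, and two pre-existing markup nits are reproduced rather than fixed: the charset declaration is written `<META http-equiv="Content-Type" ...>` in upper case next to the lower-case `<meta name="author" ...>`, and the logo link `<a href=""><img alt="Tomcat Home" src="./images/tomcat.png"></a>` has an empty href, which resolves to the current page instead of the site index linked as `./index.html` in the navigation just below. Both are trivial to correct in the stylesheet that emits the header and would then be fixed on every generated page at once.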
@@ -10,11 +240,14 @@
        is known to affect, and where a flaw has not been verified list the
        version with a question mark.</p>
 
-    <p><strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities
+    
+<p>
+<strong>Note:</strong> Vulnerabilities that are not Tomcat vulnerabilities
        but have either been incorrectly reported against Tomcat or where Tomcat
        provides a workaround are listed at the end of this page.</p>
 
-    <p>Please note that binary patches are never provided. If you need to
+    
+<p>Please note that binary patches are never provided. If you need to
        apply a source code patch, use the building instructions for the
        Apache Tomcat version that you are using. For Tomcat 8.0 those are
        <a href="/tomcat-8.0-doc/building.html"><code>building.html</code></a> and
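Review bot: the link `<a href="/tomcat-8.0-doc/building.html"><code>building.html</code></a>` at the end of this hunk is root-relative while every other link on the page (`security-impact.html`, `security.html`, `lists.html`) is document-relative, so it only resolves when the site is served from the web root and breaks when the generated docs/ tree is viewed from a checkout or mirrored under a path prefix; `./tomcat-8.0-doc/building.html` would match the navigation links above, which already use that form.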
@@ -24,30 +257,56 @@
        <a href="/tomcat-8.0-doc/security-howto.html">Security Considerations</a>
        page in the documentation.</p>
 
-    <p>If you need help on building or configuring Tomcat or other help on
+    
+<p>If you need help on building or configuring Tomcat or other help on
        following the instructions to mitigate the known vulnerabilities listed
        here, please send your questions to the public
        <a href="lists.html">Tomcat Users mailing list</a>
-    </p>
+    
+</p>
 
-    <p>If you have encountered an unlisted security vulnerability or other
+    
+<p>If you have encountered an unlisted security vulnerability or other
        unexpected behaviour that has <a href="security-impact.html">security
        impact</a>, or if the descriptions here are incomplete,
        please report them privately to the
        <a href="security.html">Tomcat Security Team</a>. Thank you.
     </p>
 
-  </div><h3 id="Fixed_in_Apache_Tomcat_8.0.0-RC1"><span style="float: right;">released 5 August 2013</span> Fixed in Apache Tomcat 8.0.0-RC1</h3><div class="text">
+  
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_8.0.0-RC1">
+<span style="float: right;">released 5 August 2013</span> Fixed in Apache Tomcat 8.0.0-RC1</h3>
+<div class="text">
 
-    <p>No reports</p>
     
-  </div><h3 id="Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</h3><div class="text">
+<p>No reports</p>
+    
+  
+</div>
+<h3 id="Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</h3>
+<div class="text">
 
-    <p>No reports</p>
+    
+<p>No reports</p>
 
-  </div></main></div></div></div></div><!--[if IE]><div id="footer"><![endif]--><!--[if !IE]>--><footer id="footer"><!--<![endif]-->
+  
+</div>
+</main>
+</div>
+</div>
+</div>
+</div>
+<!--[if IE]><div id="footer"><![endif]-->
+<!--[if !IE]>-->
+<footer id="footer">
+<!--<![endif]-->
     Copyright &copy; 1999-2013, The Apache Software Foundation
     <br>
     Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
     project logo are trademarks of the Apache Software Foundation.
-    <!--[if IE]></div><![endif]--><!--[if !IE]>--></footer><!--<![endif]--></div></body></html>
\ No newline at end of file
+    <!--[if IE]></div><![endif]--><!--[if !IE]>--></footer>
+<!--<![endif]-->
+</div>
+</body>
+</html>
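Review bot: in the "If you need help" paragraph the sentence now ends with `<a href="lists.html">Tomcat Users mailing list</a>` followed by a whitespace-only line and `</p>`, with no full stop, unlike every neighbouring paragraph; a trailing period in the xdocs source would fix it. The same root-relative link style flagged above recurs here in `<a href="/tomcat-8.0-doc/security-howto.html">Security Considerations</a>`. The two "No reports" sections and the reformatted footer are otherwise faithful to the original lines, and the `</footer>`, `</div>`, `</body>`, `</html>` closers are all present, so the pretty-printed page stays well-formed.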


