Subject: svn commit: r1553415 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml
Date: Wed, 25 Dec 2013 20:55:43 -0000
To: dev@tomcat.apache.org
From: kkolinko@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20131225205543.C1D5C23889E2@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: kkolinko Date: Wed Dec 25 20:55:43 2013 New Revision: 1553415 URL: http://svn.apache.org/r1553415 Log: Correct one more typo noted when reviewing r1520260 Modified: tomcat/site/trunk/docs/security-4.html tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/xdocs/security-4.xml tomcat/site/trunk/xdocs/security-5.xml tomcat/site/trunk/xdocs/security-6.xml Modified: tomcat/site/trunk/docs/security-4.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=1553415&r1=1553414&r2=1553415&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-4.html (original) +++ tomcat/site/trunk/docs/security-4.html Wed Dec 25 20:55:43 2013 @@ -623,7 +623,7 @@ process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which - content-length leader to use an attacker can poison a web-cache, perform + content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers. Modified: tomcat/site/trunk/docs/security-5.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1553415&r1=1553414&r2=1553415&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-5.html (original) +++ tomcat/site/trunk/docs/security-5.html Wed Dec 25 20:55:43 2013 
@@ -1240,7 +1240,7 @@ process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which - content-length leader to use an attacker can poison a web-cache, perform + content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers. Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1553415&r1=1553414&r2=1553415&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Wed Dec 25 20:55:43 2013 @@ -1507,7 +1507,7 @@ process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which - content-length leader to use an attacker can poison a web-cache, perform + content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers. Modified: tomcat/site/trunk/xdocs/security-4.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=1553415&r1=1553414&r2=1553415&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-4.xml (original) +++ tomcat/site/trunk/xdocs/security-4.xml Wed Dec 25 20:55:43 2013 
@@ -272,7 +272,7 @@ process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which - content-length leader to use an attacker can poison a web-cache, perform + content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers. Modified: tomcat/site/trunk/xdocs/security-5.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1553415&r1=1553414&r2=1553415&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-5.xml (original) +++ tomcat/site/trunk/xdocs/security-5.xml Wed Dec 25 20:55:43 2013 @@ -699,7 +699,7 @@ process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which - content-length leader to use an attacker can poison a web-cache, perform + content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers. Modified: tomcat/site/trunk/xdocs/security-6.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1553415&r1=1553414&r2=1553415&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-6.xml (original) +++ tomcat/site/trunk/xdocs/security-6.xml Wed Dec 25 20:55:43 2013 
@@ -883,7 +883,7 @@ process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which - content-length leader to use an attacker can poison a web-cache, perform + content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org
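Review bot: The unchanged context line directly after the corrected one, "an XSS attack and obtain senstive information from requests other then their own", still carries two typos in each of the six hunks: "senstive" should be "sensitive" and "other then" should be "other than". This commit already touches the same sentence in all six files, so those are worth fixing in the same pass rather than in another follow-up. A comma after "content-length header to use" would also make the long conditional sentence easier to parse.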