Subject: svn commit: r524626 - in /tomcat/site/trunk: docs/security-3.html
xdocs/security-3.xml
Date: Sun, 01 Apr 2007 16:32:53 -0000
To: tomcat-dev@jakarta.apache.org
From: markt@apache.org
X-Mailer: svnmailer-1.1.0
Message-Id: <20070401163253.F3FD71A983E@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org
Author: markt
Date: Sun Apr 1 09:32:52 2007
New Revision: 524626
URL: http://svn.apache.org/viewvc?view=rev&rev=524626
Log:
More tomcat 3 issues.
Modified:
tomcat/site/trunk/docs/security-3.html
tomcat/site/trunk/xdocs/security-3.xml
Modified: tomcat/site/trunk/docs/security-3.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=524626&r1=524625&r2=524626
==============================================================================
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Sun Apr 1 09:32:52 2007
@@ -469,6 +469,52 @@
attacks using specially crafted URLs.
Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1
+
+
+moderate: Information disclosure
+
+ CVE-2001-0590
+
+
+
+ A specially crafted URL can be used to obtain the source for JSPs.
+
+ Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1
+
+
+
+
+
+
+
+ |
+
+
+
+
+
+
+
+Fixed in Apache Tomcat 3.1
+
+
+ |
+
+
+
+
+
+
+important: Information disclosure
+
+ CVE-2001-0590
+
+
+
+ source.jsp, provided as part of the examples, allows an attacker to read
+ arbitary files via a .. (dot dot) in the argument to source.jsp.
+
+ Affects: 3.0
|
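Review bot: The second added entry ("important: Information disclosure", the source.jsp ".." file read that affects 3.0) carries CVE-2001-0590, the same identifier already given to the first added entry ("moderate: Information disclosure", JSP source via a crafted URL, affecting 3.0, 3.1-3.1.1, 3.2-3.2.1). These are described as two different issues with different severities and affected ranges, so one of the two identifiers looks like a copy-paste; please confirm which entry CVE-2001-0590 belongs to and correct the other before this is published.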
Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=524626&r1=524625&r2=524626
==============================================================================
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Sun Apr 1 09:32:52 2007
@@ -128,6 +128,25 @@
attacks using specially crafted URLs.
Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1
+
+ moderate: Information disclosure
+
+ CVE-2001-0590
+
+ A specially crafted URL can be used to obtain the source for JSPs.
+
+ Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1
+
+
+
+ important: Information disclosure
+
+ CVE-2001-0590
+
+ source.jsp, provided as part of the examples, allows an attacker to read
+ arbitary files via a .. (dot dot) in the argument to source.jsp.
+
+ Affects: 3.0
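Review bot: "arbitary" in the source.jsp entry should read "arbitrary"; the same misspelling appears in the docs/security-3.html hunk, so fix it in this XML and carry the correction into the HTML in the same commit. Both entries added here are also tagged CVE-2001-0590 although they have different descriptions and "Affects" lines, so the identifier on one of them needs checking in this file as well.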