Author: markt
Date: Fri Mar 2 16:58:38 2007
New Revision: 514035

URL: http://svn.apache.org/viewvc?view=rev&rev=514035
Log:
Add JK vulnerability list, including recently announced issue. Odd. These were missed in the last commit.
Added: tomcat/site/trunk/xdocs/security-jk.xml (with props) Modified: tomcat/site/trunk/xdocs/security.xml Added: tomcat/site/trunk/xdocs/security-jk.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-jk.xml?view=auto&rev=514035 ============================================================================== --- tomcat/site/trunk/xdocs/security-jk.xml (added) +++ tomcat/site/trunk/xdocs/security-jk.xml Fri Mar 2 16:58:38 2007 
@@ -0,0 +1,42 @@ +<?xml version="1.0"?> +<document> + + <properties> + <author>Apache Tomcat Project</author> + <title>Apache Tomcat 6.x vulnerabilities</title> + </properties> + +<body> + + <section name="Apache Tomcat JK Connectors vulnerabilities"> + <p>This page lists all security vulnerabilities fixed in released versions + of Apache Tomcat Jk Connectors. Each vulnerability is given a + <a href="security-impact.html">security impact rating</a> by the Apache + Tomcat security team - please note that this rating may vary from + platform to platform. We also list the versions of Apache Tomcat JK + Connectors the flaw is known to affect, and where a flaw has not been + verified list the version with a question mark.</p> + + <p>This page has been created from a review of the Apache Tomcat archives + and the CVE list. Please send comments or corrections for these + vulnerabilities to the <a href="mailto:[EMAIL PROTECTED]">Tomcat + Security Team</a>.</p> + + </section> + + <section name="Fixed in Apache Tomcat JK Connector 1.2.21"> + <p><strong>critical: Arbitary code execution and denial of service</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774"> + CVE-2007-0774</a></p> + + <p>An unsafe memory copy in the URI handler for the native JK connector + could result in a stackoverflow condition which could be leveraged to + execute arbitary code or crash the web server.</p> + + <p>Affects: JK 1.2.19-1.2.20<br/> + Source shipped with: Tomcat 4.1.34, 5.5.20</p> + + </section> +</body> +</document> + Propchange: tomcat/site/trunk/xdocs/security-jk.xml ------------------------------------------------------------------------------ svn:eol-style = native Modified: tomcat/site/trunk/xdocs/security.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?view=diff&rev=514035&r1=514034&r2=514035 ============================================================================== --- tomcat/site/trunk/xdocs/security.xml (original) +++ 
tomcat/site/trunk/xdocs/security.xml Fri Mar 2 16:58:38 2007 @@ -21,6 +21,8 @@ </a></li> <li><a href="security-3.html">Apache Tomcat 3.x Security Vulnerabilitites </a></li> + <li><a href="security-jk.html">Apache Tomcat JK Connectors Security + Vulnerabilitites</a></li> </ul> </section>
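
Review bot: In the new security-jk.xml, the <title> inside <properties> still reads "Apache Tomcat 6.x vulnerabilities", which looks carried over from the 6.x page. It should name the JK Connectors, matching the section heading "Apache Tomcat JK Connectors vulnerabilities". In the CVE-2007-0774 entry, "Arbitary" and "arbitary" should be "Arbitrary" and "arbitrary", and "stackoverflow condition" would read more clearly as "stack overflow condition". The intro paragraph also writes "Jk Connectors" where the rest of the page uses "JK".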
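
Review bot: The link text added to security.xml carries the misspelling "Vulnerabilitites", the same one as the 3.x entry in the context line above it. Use "Vulnerabilities" in the new <li>, and consider correcting the 3.x entry in the same change so the index reads consistently.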