svn commit: r521970 - in /tomcat/site/trunk: docs/security-4.html xdocs/security-4.xml

Fri, 23 Mar 2007 19:13:03 -0800 

Author: markt
Date: Fri Mar 23 20:12:35 2007
New Revision: 521970

URL: http://svn.apache.org/viewvc?view=rev&rev=521970
Log:
Add information on cve-2002-1895

Modified:
    tomcat/site/trunk/docs/security-4.html
    tomcat/site/trunk/xdocs/security-4.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=521970&r1=521969&r2=521970
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Mar 23 20:12:35 2007
@@ -449,6 +449,21 @@
        onwards.</p>
 
     <p>Affects: 4.0.3?</p>
+
+    <p>
+<strong>important: Denial of service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1895";>
+       CVE-2002-1895</a>
+<br/>
+</p>
+
+    <p>This issue only affects configurations that use IIS in conjunction with
+       Tomcat and the AJP1.3 connector. It can not be reproduced using Windows
+       2000 SP4 with latest patches and Tomcat 4.0.4 with JDK 1.3.1. The
+       vulnerability reports for this issue state that it is fixed in 4.1.10
+       onwards.</p>
+
+    <p>Affects: 4.0.4?</p>
   </blockquote>
 </p>
 </td>

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=521970&r1=521969&r2=521970
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Fri Mar 23 20:12:35 2007
@@ -152,6 +152,18 @@
        onwards.</p>
 
     <p>Affects: 4.0.3?</p>
+
+    <p><strong>important: Denial of service</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1895";>
+       CVE-2002-1895</a><br/></p>
+
+    <p>This issue only affects configurations that use IIS in conjunction with
+       Tomcat and the AJP1.3 connector. It can not be reproduced using Windows
+       2000 SP4 with latest patches and Tomcat 4.0.4 with JDK 1.3.1. The
+       vulnerability reports for this issue state that it is fixed in 4.1.10
+       onwards.</p>
+
+    <p>Affects: 4.0.4?</p>
   </section>
 </body>
 </document>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to