Author: markt Date: Sun Apr 1 09:32:52 2007 New Revision: 524626 URL: http://svn.apache.org/viewvc?view=rev&rev=524626 Log: More tomcat 3 issues.
Modified: tomcat/site/trunk/docs/security-3.html tomcat/site/trunk/xdocs/security-3.xml Modified: tomcat/site/trunk/docs/security-3.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=524626&r1=524625&r2=524626 ============================================================================== --- tomcat/site/trunk/docs/security-3.html (original) +++ tomcat/site/trunk/docs/security-3.html Sun Apr 1 09:32:52 2007 @@ -469,6 +469,52 @@ attacks using specially crafted URLs.</p> <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p> + + <p> +<strong>moderate: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590";> + CVE-2001-0590</a> +<br/> +</p> + + <p>A specially crafted URL can be used to obtain the source for JSPs.</p> + + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p> + </blockquote> +</p> +</td> +</tr> +<tr> +<td> +<br/> +</td> +</tr> +</table> +<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<tr> +<td bgcolor="#525D76"> +<font color="#ffffff" face="arial,helvetica,sanserif"> +<a name="Fixed in Apache Tomcat 3.1"> +<strong>Fixed in Apache Tomcat 3.1</strong> +</a> +</font> +</td> +</tr> +<tr> +<td> +<p> +<blockquote> + <p> +<strong>important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210";> + CVE-2001-0590</a> +<br/> +</p> + + <p>source.jsp, provided as part of the examples, allows an attacker to read + arbitary files via a .. (dot dot) in the argument to source.jsp.</p> + + <p>Affects: 3.0</p> </blockquote> </p> </td> Modified: tomcat/site/trunk/xdocs/security-3.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=524626&r1=524625&r2=524626 ============================================================================== --- tomcat/site/trunk/xdocs/security-3.xml (original) +++ tomcat/site/trunk/xdocs/security-3.xml Sun Apr 1 09:32:52 2007 @@ -128,6 +128,25 @@ attacks using specially crafted URLs.</p> <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p> + + <p><strong>moderate: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590";> + CVE-2001-0590</a><br/></p> + + <p>A specially crafted URL can be used to obtain the source for JSPs.</p> + + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p> + </section> + + <section name="Fixed in Apache Tomcat 3.1"> + <p><strong>important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210";> + CVE-2001-0590</a><br/></p> + + <p>source.jsp, provided as part of the examples, allows an attacker to read + arbitary files via a .. (dot dot) in the argument to source.jsp.</p> + + <p>Affects: 3.0</p> </section> </body> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]