Author: markt
Date: Sun Apr 1 09:32:52 2007
New Revision: 524626
URL: http://svn.apache.org/viewvc?view=rev&rev=524626
Log:
More tomcat 3 issues.
Modified:
tomcat/site/trunk/docs/security-3.html
tomcat/site/trunk/xdocs/security-3.xml
Modified: tomcat/site/trunk/docs/security-3.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=524626&r1=524625&r2=524626
==============================================================================
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Sun Apr 1 09:32:52 2007
@@ -469,6 +469,52 @@
attacks using specially crafted URLs.</p>
<p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p>
+
+ <p>
+<strong>moderate: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590";>
+ CVE-2001-0590</a>
+<br/>
+</p>
+
+ <p>A specially crafted URL can be used to obtain the source for JSPs.</p>
+
+ <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p>
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 3.1">
+<strong>Fixed in Apache Tomcat 3.1</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210";>
+ CVE-2001-0590</a>
+<br/>
+</p>
+
+ <p>source.jsp, provided as part of the examples, allows an attacker to read
+ arbitary files via a .. (dot dot) in the argument to source.jsp.</p>
+
+ <p>Affects: 3.0</p>
</blockquote>
</p>
</td>
Modified: tomcat/site/trunk/xdocs/security-3.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=524626&r1=524625&r2=524626
==============================================================================
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Sun Apr 1 09:32:52 2007
@@ -128,6 +128,25 @@
attacks using specially crafted URLs.</p>
<p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p>
+
+ <p><strong>moderate: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590";>
+ CVE-2001-0590</a><br/></p>
+
+ <p>A specially crafted URL can be used to obtain the source for JSPs.</p>
+
+ <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.1</p>
+ </section>
+
+ <section name="Fixed in Apache Tomcat 3.1">
+ <p><strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210";>
+ CVE-2001-0590</a><br/></p>
+
+ <p>source.jsp, provided as part of the examples, allows an attacker to read
+ arbitary files via a .. (dot dot) in the argument to source.jsp.</p>
+
+ <p>Affects: 3.0</p>
</section>
</body>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
