security-6.xml

markt Sat, 19 May 2007 07:50:22 -0700

Author: markt
Date: Sat May 19 07:49:57 2007
New Revision: 539764

URL: http://svn.apache.org/viewvc?view=rev&rev=539764
Log:
Add information on CVE-2007-1355


Modified:
    tomcat/site/trunk/docs/security-4.html
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-4.xml
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=539764&r1=539763&r2=539764
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Sat May 19 07:49:57 2007
@@ -261,6 +261,42 @@
 <p>
 <blockquote>
     <p>
+<strong>moderate: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355";>
+       CVE-2007-1355</a>
+</p>
+
+    <p>The JSP and Servlet included in the sample application within the Tomcat
+       documentation webapp did not escape user provided data before including
+       it in the output. This enabled a XSS attack. These pages have been
+       simplified not to use any user provided data in the output.</p>
+
+    <p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 4.1.HEAD">
+<strong>Fixed in Apache Tomcat 4.1.HEAD</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
 <strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164";>
        CVE-2005-3164</a>

Modified: tomcat/site/trunk/docs/security-5.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=539764&r1=539763&r2=539764
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Sat May 19 07:49:57 2007
@@ -211,6 +211,42 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 5.5.HEAD, 5.0.HEAD">
+<strong>Fixed in Apache Tomcat 5.5.HEAD, 5.0.HEAD</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>moderate: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355";>
+       CVE-2007-1355</a>
+</p>
+
+    <p>The JSP and Servlet included in the sample application within the Tomcat
+       documentation webapp did not escape user provided data before including
+       it in the output. This enabled a XSS attack. These pages have been
+       simplified not to use any user provided data in the output.</p>
+
+    <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.23</p>
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
 <a name="Fixed in Apache Tomcat 5.5.23, 5.0.HEAD">
 <strong>Fixed in Apache Tomcat 5.5.23, 5.0.HEAD</strong>
 </a>

Modified: tomcat/site/trunk/docs/security-6.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?view=diff&rev=539764&r1=539763&r2=539764
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Sat May 19 07:49:57 2007
@@ -211,8 +211,44 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 6.0.HEAD">
-<strong>Fixed in Apache Tomcat 6.0.HEAD</strong>
+<a name="Fixed in Apache Tomcat 6.0.11">
+<strong>Fixed in Apache Tomcat 6.0.11</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>moderate: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355";>
+       CVE-2007-1355</a>
+</p>
+
+    <p>The JSP and Servlet included in the sample application within the Tomcat
+       documentation webapp did not escape user provided data before including
+       it in the output. This enabled a XSS attack. These pages have been
+       simplified not to use any user provided data in the output.</p>
+
+    <p>Affects: 6.0.0-6.0.10</p>
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 6.0.13">
+<strong>Fixed in Apache Tomcat 6.0.13</strong>
 </a>
 </font>
 </td>

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=539764&r1=539763&r2=539764
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Sat May 19 07:49:57 2007
@@ -41,6 +41,19 @@
   </section>
 
   <section name="Fixed in Apache Tomcat 4.1.HEAD">
+    <p><strong>moderate: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355";>
+       CVE-2007-1355</a></p>
+
+    <p>The JSP and Servlet included in the sample application within the Tomcat
+       documentation webapp did not escape user provided data before including
+       it in the output. This enabled a XSS attack. These pages have been
+       simplified not to use any user provided data in the output.</p>
+
+    <p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
+  </section>
+
+  <section name="Fixed in Apache Tomcat 4.1.HEAD">
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164";>
        CVE-2005-3164</a></p>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?view=diff&rev=539764&r1=539763&r2=539764
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Sat May 19 07:49:57 2007
@@ -24,6 +24,19 @@
 
   </section>
 
+  <section name="Fixed in Apache Tomcat 5.5.HEAD, 5.0.HEAD">
+    <p><strong>moderate: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355";>
+       CVE-2007-1355</a></p>
+
+    <p>The JSP and Servlet included in the sample application within the Tomcat
+       documentation webapp did not escape user provided data before including
+       it in the output. This enabled a XSS attack. These pages have been
+       simplified not to use any user provided data in the output.</p>
+
+    <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.23</p>
+  </section>
+
   <section name="Fixed in Apache Tomcat 5.5.23, 5.0.HEAD">
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090";>

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?view=diff&rev=539764&r1=539763&r2=539764
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Sat May 19 07:49:57 2007
@@ -24,7 +24,20 @@
 
   </section>
 
-  <section name="Fixed in Apache Tomcat 6.0.HEAD">
+  <section name="Fixed in Apache Tomcat 6.0.11">
+    <p><strong>moderate: Cross-site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355";>
+       CVE-2007-1355</a></p>
+
+    <p>The JSP and Servlet included in the sample application within the Tomcat
+       documentation webapp did not escape user provided data before including
+       it in the output. This enabled a XSS attack. These pages have been
+       simplified not to use any user provided data in the output.</p>
+
+    <p>Affects: 6.0.0-6.0.10</p>
+  </section>
+
+  <section name="Fixed in Apache Tomcat 6.0.13">
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090";>
        CVE-2005-2090</a></p>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r539764 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml

Reply via email to