Author: markt
Date: Wed Jun 13 19:20:24 2007
New Revision: 547089
URL: http://svn.apache.org/viewvc?view=rev&rev=547089
Log:
Add CVE-2007-2449 and CVE-2007-2450.
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=547089&r1=547088&r2=547089
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Wed Jun 13 19:20:24 2007
@@ -261,6 +261,20 @@
<p>
<blockquote>
<p>
+<strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164";>
+ CVE-2005-3164</a>
+</p>
+
+ <p>If a client specifies a Content-Length but disconnects before sending
+ any of the request body, the deprecated AJP connector processes the
+ request using the request body of the previous request. Users are
advised
+ to use the default, supported Coyote AJP connector which does not
exhibit
+ this issue.</p>
+
+ <p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
+
+ <p>
<strong>moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355";>
CVE-2007-1355</a>
@@ -272,43 +286,37 @@
simplified not to use any user provided data in the output.</p>
<p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
- </blockquote>
+
+ <p>
+<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449";>
+ CVE-2007-2449</a>
</p>
-</td>
-</tr>
-<tr>
-<td>
-<br/>
-</td>
-</tr>
-</table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
-<tr>
-<td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 4.1.HEAD">
-<strong>Fixed in Apache Tomcat 4.1.HEAD</strong>
-</a>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<p>
-<blockquote>
+
+ <p>JSPs within the examples web application did not escape user provided
+ data before including it in the output. This enabled a XSS attack. These
+ JSPs now filter the data before use. This issue may be mitigated by
+ undeploying the examples web application. Note that it is recommended
+ that the examples web application is not installed on a production
+ system.
+ </p>
+
+ <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.36</p>
+
<p>
-<strong>important: Information disclosure</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164";>
- CVE-2005-3164</a>
+<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450";>
+ CVE-2007-2450</a>
</p>
- <p>If a client specifies a Content-Length but disconnects before sending
- any of the request body, the deprecated AJP connector processes the
- request using the request body of the previous request. Users are
advised
- to use the default, supported Coyote AJP connector which does not
exhibit
- this issue.</p>
+ <p>The Manager web application did not escape user provided data before
+ including it in the output. This enabled a XSS attack. This applciation
+ now filters the data before use. This issue may be mitigated by logging
+ out (closing the browser) of the application once the management tasks
+ have been completed.</p>
<p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
+
</blockquote>
</p>
</td>
Modified: tomcat/site/trunk/docs/security-5.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=547089&r1=547088&r2=547089
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Wed Jun 13 19:20:24 2007
@@ -222,6 +222,60 @@
<p>
<blockquote>
<p>
+<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449";>
+ CVE-2007-2449</a>
+</p>
+
+ <p>JSPs within the examples web application did not escape user provided
+ data before including it in the output. This enabled a XSS attack. These
+ JSPs now filter the data before use. This issue may be mitigated by
+ undeploying the examples web application. Note that it is recommended
+ that the examples web application is not installed on a production
+ system.
+ </p>
+
+ <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
+
+ <p>
+<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450";>
+ CVE-2007-2450</a>
+</p>
+
+ <p>The Manager and Host Manager web applications did not escape user
+ provided data before including it in the output. This enabled a XSS
+ attack. These applciations now filter the data before use. This issue
may
+ be mitigated by logging out (closing the browser) of the application
once
+ the management tasks have been completed.</p>
+
+ <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
+
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 5.5.24, 5.0.HEAD">
+<strong>Fixed in Apache Tomcat 5.5.24, 5.0.HEAD</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
<strong>moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355";>
CVE-2007-1355</a>
@@ -233,6 +287,7 @@
simplified not to use any user provided data in the output.</p>
<p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.23</p>
+
</blockquote>
</p>
</td>
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?view=diff&rev=547089&r1=547088&r2=547089
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Wed Jun 13 19:20:24 2007
@@ -211,6 +211,59 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 6.0.HEAD">
+<strong>Fixed in Apache Tomcat 6.0.HEAD</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449";>
+ CVE-2007-2449</a>
+</p>
+
+ <p>JSPs within the examples web application did not escape user provided
+ data before including it in the output. This enabled a XSS attack. These
+ JSPs now filter the data before use. This issue may be mitigated by
+ undeploying the examples web application. Note that it is recommended
+ that the examples web application is not installed on a production
+ system.
+ </p>
+
+ <p>Affects: 6.0.0-6.0.13</p>
+
+ <p>
+<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450";>
+ CVE-2007-2450</a>
+</p>
+
+ <p>The Manager and Host Manager web applications did not escape user
+ provided data before including it in the output. This enabled a XSS
+ attack. These applciations now filter the data before use. This issue
may
+ be mitigated by logging out (closing the browser) of the application
once
+ the management tasks have been completed.</p>
+
+ <p>Affects: 6.0.0-6.0.13</p>
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.11">
<strong>Fixed in Apache Tomcat 6.0.11</strong>
</a>
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=547089&r1=547088&r2=547089
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Wed Jun 13 19:20:24 2007
@@ -41,6 +41,18 @@
</section>
<section name="Fixed in Apache Tomcat 4.1.HEAD">
+ <p><strong>important: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164";>
+ CVE-2005-3164</a></p>
+
+ <p>If a client specifies a Content-Length but disconnects before sending
+ any of the request body, the deprecated AJP connector processes the
+ request using the request body of the previous request. Users are
advised
+ to use the default, supported Coyote AJP connector which does not
exhibit
+ this issue.</p>
+
+ <p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
+
<p><strong>moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355";>
CVE-2007-1355</a></p>
@@ -51,20 +63,33 @@
simplified not to use any user provided data in the output.</p>
<p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
- </section>
- <section name="Fixed in Apache Tomcat 4.1.HEAD">
- <p><strong>important: Information disclosure</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164";>
- CVE-2005-3164</a></p>
+ <p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449";>
+ CVE-2007-2449</a></p>
- <p>If a client specifies a Content-Length but disconnects before sending
- any of the request body, the deprecated AJP connector processes the
- request using the request body of the previous request. Users are
advised
- to use the default, supported Coyote AJP connector which does not
exhibit
- this issue.</p>
+ <p>JSPs within the examples web application did not escape user provided
+ data before including it in the output. This enabled a XSS attack. These
+ JSPs now filter the data before use. This issue may be mitigated by
+ undeploying the examples web application. Note that it is recommended
+ that the examples web application is not installed on a production
+ system.
+ </p>
+
+ <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.36</p>
+
+ <p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450";>
+ CVE-2007-2450</a></p>
+
+ <p>The Manager web application did not escape user provided data before
+ including it in the output. This enabled a XSS attack. This applciation
+ now filters the data before use. This issue may be mitigated by logging
+ out (closing the browser) of the application once the management tasks
+ have been completed.</p>
<p>Affects: 4.0.1-4.0.6, 4.1.0-4.1.36</p>
+
</section>
<section name="Fixed in Apache Tomcat 4.1.36">
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?view=diff&rev=547089&r1=547088&r2=547089
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Wed Jun 13 19:20:24 2007
@@ -25,6 +25,35 @@
</section>
<section name="Fixed in Apache Tomcat 5.5.HEAD, 5.0.HEAD">
+ <p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449";>
+ CVE-2007-2449</a></p>
+
+ <p>JSPs within the examples web application did not escape user provided
+ data before including it in the output. This enabled a XSS attack. These
+ JSPs now filter the data before use. This issue may be mitigated by
+ undeploying the examples web application. Note that it is recommended
+ that the examples web application is not installed on a production
+ system.
+ </p>
+
+ <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
+
+ <p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450";>
+ CVE-2007-2450</a></p>
+
+ <p>The Manager and Host Manager web applications did not escape user
+ provided data before including it in the output. This enabled a XSS
+ attack. These applciations now filter the data before use. This issue
may
+ be mitigated by logging out (closing the browser) of the application
once
+ the management tasks have been completed.</p>
+
+ <p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.24</p>
+
+ </section>
+
+ <section name="Fixed in Apache Tomcat 5.5.24, 5.0.HEAD">
<p><strong>moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355";>
CVE-2007-1355</a></p>
@@ -35,6 +64,7 @@
simplified not to use any user provided data in the output.</p>
<p>Affects: 5.0.0-5.0.30, 5.5.0-5.5.23</p>
+
</section>
<section name="Fixed in Apache Tomcat 5.5.23, 5.0.HEAD">
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?view=diff&rev=547089&r1=547088&r2=547089
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Wed Jun 13 19:20:24 2007
@@ -24,6 +24,34 @@
</section>
+ <section name="Fixed in Apache Tomcat 6.0.HEAD">
+ <p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449";>
+ CVE-2007-2449</a></p>
+
+ <p>JSPs within the examples web application did not escape user provided
+ data before including it in the output. This enabled a XSS attack. These
+ JSPs now filter the data before use. This issue may be mitigated by
+ undeploying the examples web application. Note that it is recommended
+ that the examples web application is not installed on a production
+ system.
+ </p>
+
+ <p>Affects: 6.0.0-6.0.13</p>
+
+ <p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450";>
+ CVE-2007-2450</a></p>
+
+ <p>The Manager and Host Manager web applications did not escape user
+ provided data before including it in the output. This enabled a XSS
+ attack. These applciations now filter the data before use. This issue
may
+ be mitigated by logging out (closing the browser) of the application
once
+ the management tasks have been completed.</p>
+
+ <p>Affects: 6.0.0-6.0.13</p>
+ </section>
+
<section name="Fixed in Apache Tomcat 6.0.11">
<p><strong>moderate: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355";>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
