svn commit: r606599 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml

Sun, 23 Dec 2007 11:31:45 -0800 

Author: markt
Date: Sun Dec 23 11:31:11 2007
New Revision: 606599

URL: http://svn.apache.org/viewvc?rev=606599&view=rev
Log:
Add info for CVE-2007-5342

Modified:
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=606599&r1=606598&r2=606599&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Sun Dec 23 11:31:11 2007
@@ -222,8 +222,46 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.SVN">
-<strong>Fixed in Apache Tomcat 5.5.SVN</strong>
+<a name="Fixed in SVN trunk and proposed for inclusion in 5.5.x">
+<strong>Fixed in SVN trunk and proposed for inclusion in 5.5.x</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>low: Elevated privileges</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342";>
+       CVE-2007-5342</a>
+</p>
+
+    <p>The JULI logging component allows web applications to provide their own
+       logging configurations. The default security policy does not restrict
+       this configuration and allows an untrusted web application to add files
+       or overwrite existing files where the Tomcat process has the necessary
+       file permissions to do so.</p>
+
+    <p>Affects: 5.5.9-5.5.25</p>
+
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 5.5.SVN for inclusion in next release">
+<strong>Fixed in Apache Tomcat 5.5.SVN for inclusion in next release</strong>
 </a>
 </font>
 </td>

Modified: tomcat/site/trunk/docs/security-6.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=606599&r1=606598&r2=606599&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Sun Dec 23 11:31:11 2007
@@ -218,8 +218,46 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 6.0.SVN ">
-<strong>Fixed in Apache Tomcat 6.0.SVN </strong>
+<a name="Fixed in SVN trunk and proposed for inclusion in 6.0.x">
+<strong>Fixed in SVN trunk and proposed for inclusion in 6.0.x</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+    <p>
+<strong>low: Elevated privileges</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342";>
+       CVE-2007-5342</a>
+</p>
+
+    <p>The JULI logging component allows web applications to provide their own
+       logging configurations. The default security policy does not restrict
+       this configuration and allows an untrusted web application to add files
+       or overwrite existing files where the Tomcat process has the necessary
+       file permissions to do so.</p>
+
+    <p>Affects: 6.0.0-6.0.15</p>
+
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 6.0.SVN for inclusion in next release">
+<strong>Fixed in Apache Tomcat 6.0.SVN for inclusion in next release</strong>
 </a>
 </font>
 </td>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=606599&r1=606598&r2=606599&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Sun Dec 23 11:31:11 2007
@@ -28,7 +28,22 @@
 
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.SVN">
+  <section name="Fixed in SVN trunk and proposed for inclusion in 5.5.x">
+    <p><strong>low: Elevated privileges</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342";>
+       CVE-2007-5342</a></p>
+
+    <p>The JULI logging component allows web applications to provide their own
+       logging configurations. The default security policy does not restrict
+       this configuration and allows an untrusted web application to add files
+       or overwrite existing files where the Tomcat process has the necessary
+       file permissions to do so.</p>
+
+    <p>Affects: 5.5.9-5.5.25</p>
+
+  </section>
+
+  <section name="Fixed in Apache Tomcat 5.5.SVN for inclusion in next release">
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461";>
        CVE-2007-5461</a></p>

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=606599&r1=606598&r2=606599&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Sun Dec 23 11:31:11 2007
@@ -24,7 +24,22 @@
 
   </section>
 
-  <section name="Fixed in Apache Tomcat 6.0.SVN ">
+  <section name="Fixed in SVN trunk and proposed for inclusion in 6.0.x">
+    <p><strong>low: Elevated privileges</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342";>
+       CVE-2007-5342</a></p>
+
+    <p>The JULI logging component allows web applications to provide their own
+       logging configurations. The default security policy does not restrict
+       this configuration and allows an untrusted web application to add files
+       or overwrite existing files where the Tomcat process has the necessary
+       file permissions to do so.</p>
+
+    <p>Affects: 6.0.0-6.0.15</p>
+
+  </section>
+
+  <section name="Fixed in Apache Tomcat 6.0.SVN for inclusion in next release">
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461";>
        CVE-2007-5461</a></p>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to