Author: markt
Date: Mon Aug 11 10:35:04 2008
New Revision: 684832

URL: http://svn.apache.org/viewvc?rev=684832&view=rev
Log:
Update with details for CVE-2008-2938

Modified:
    tomcat/site/trunk/docs/security-4.html
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-4.xml
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=684832&r1=684831&r2=684832&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Mon Aug 11 10:35:04 2008
@@ -338,6 +338,19 @@
 
     <p>Affects: 4.1.0-4.1.37</p>
     
+    <p>
+<strong>moderate: Directory traversal</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
+       CVE-2008-2938</a>
+</p>
+
+    <p>If a context is configured with <code>allowLinking="true"</code> and the
+       connector is configured with <code>URIEncoding="UTF-8"</code> then a
+       malformed request may be used to access arbitrary files on the server.
+       </p>
+
+    <p>Affects: 4.1.0-4.1.37</p>
+
   </blockquote>
 </p>
 </td>
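Review bot: The new CVE-2008-2938 paragraph names the two settings that expose the issue (allowLinking="true" on the context, URIEncoding="UTF-8" on the connector) but gives the reader nothing to act on: no fix revision, no target release, and no statement of whether changing either setting is a sufficient workaround. With the Affects range running to 4.1.37, add a sentence after "access arbitrary files on the server." that covers the workaround and where the fix can be found.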

Modified: tomcat/site/trunk/docs/security-5.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=684832&r1=684831&r2=684832&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Mon Aug 11 10:35:04 2008
@@ -276,6 +276,19 @@
 
     <p>Affects: 5.5.0-5.5.26</p>
     
+    <p>
+<strong>moderate: Directory traversal</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
+       CVE-2008-2938</a>
+</p>
+
+    <p>If a context is configured with <code>allowLinking="true"</code> and the
+       connector is configured with <code>URIEncoding="UTF-8"</code> then a
+       malformed request may be used to access arbitrary files on the server.
+       </p>
+
+    <p>Affects: 5.5.0-5.5.26</p>
+
   </blockquote>
 </p>
 </td>

Modified: tomcat/site/trunk/docs/security-6.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=684832&r1=684831&r2=684832&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Mon Aug 11 10:35:04 2008
@@ -254,8 +254,6 @@
        out (closing the browser) of the application once the management tasks
        have been completed.</p>
 
-    <p>Affects: 6.0.0-6.0.16</p>
-
     <p>
 <strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370";>
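Review bot: The removed line "<p>Affects: 6.0.0-6.0.16</p>" was the affected-version range for the entry ending "have been completed.", and after this hunk that entry runs straight into the CVE-2008-2370 heading with no range of its own. The log message only mentions adding details for CVE-2008-2938, so unless that range was a duplicate, keep it or explain the removal in the log.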
@@ -269,6 +267,20 @@
        directory.</p>
 
     <p>Affects: 6.0.0-6.0.16</p>
+
+    <p>
+<strong>moderate: Directory traversal</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
+       CVE-2008-2938</a>
+</p>
+
+    <p>If a context is configured with <code>allowLinking="true"</code> and the
+       connector is configured with <code>URIEncoding="UTF-8"</code> then a
+       malformed request may be used to access arbitrary files on the server.
+       </p>
+
+    <p>Affects: 6.0.0-6.0.16</p>
+
   </blockquote>
 </p>
 </td>
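Review bot: The severity label on the added entry, "moderate: Directory traversal", sits oddly against its own description, "access arbitrary files on the server", when the CVE-2008-2370 information disclosure entry directly above it in this file is rated "important". Either raise the rating or add a clause saying what limits the impact (for example, the two configuration conditions) so the ranking reads as deliberate.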

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=684832&r1=684831&r2=684832&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Mon Aug 11 10:35:04 2008
@@ -85,6 +85,17 @@
 
     <p>Affects: 4.1.0-4.1.37</p>
     
+    <p><strong>moderate: Directory traversal</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
+       CVE-2008-2938</a></p>
+
+    <p>If a context is configured with <code>allowLinking="true"</code> and the
+       connector is configured with <code>URIEncoding="UTF-8"</code> then a
+       malformed request may be used to access arbitrary files on the server.
+       </p>
+
+    <p>Affects: 4.1.0-4.1.37</p>
+
   </section>
 
   <section name="Fixed in Apache Tomcat 4.1.37">
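Review bot: In the added description, allowLinking and URIEncoding are given without their default values, so a reader cannot tell from this entry whether an unmodified installation is exposed. State the defaults, or say outright whether a stock configuration is affected, and consider naming where each attribute is set (context and connector configuration) so administrators know which files to check.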

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=684832&r1=684831&r2=684832&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Mon Aug 11 10:35:04 2008
@@ -67,6 +67,17 @@
 
     <p>Affects: 5.5.0-5.5.26</p>
     
+    <p><strong>moderate: Directory traversal</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
+       CVE-2008-2938</a></p>
+
+    <p>If a context is configured with <code>allowLinking="true"</code> and the
+       connector is configured with <code>URIEncoding="UTF-8"</code> then a
+       malformed request may be used to access arbitrary files on the server.
+       </p>
+
+    <p>Affects: 5.5.0-5.5.26</p>
+
   </section>
 
   <section name="Fixed in Apache Tomcat 5.5.26">

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=684832&r1=684831&r2=684832&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Mon Aug 11 10:35:04 2008
@@ -47,8 +47,6 @@
        out (closing the browser) of the application once the management tasks
        have been completed.</p>
 
-    <p>Affects: 6.0.0-6.0.16</p>
-
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370";>
        CVE-2008-2370</a></p>
@@ -60,6 +58,18 @@
        directory.</p>
 
     <p>Affects: 6.0.0-6.0.16</p>
+
+    <p><strong>moderate: Directory traversal</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
+       CVE-2008-2938</a></p>
+
+    <p>If a context is configured with <code>allowLinking="true"</code> and the
+       connector is configured with <code>URIEncoding="UTF-8"</code> then a
+       malformed request may be used to access arbitrary files on the server.
+       </p>
+
+    <p>Affects: 6.0.0-6.0.16</p>
+
   </section>
 
 


