Author: markt
Date: Wed Sep 10 03:01:25 2008
New Revision: 693763
URL: http://svn.apache.org/viewvc?rev=693763&view=rev
Log:
Add new information for CVE-2008-2938
Add svn commits for more recent release
Update for 5.5.27 release
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Wed Sep 10 03:01:25 2008
@@ -282,6 +282,10 @@
transmitted to any content that is - by purpose or error - requested via
http from the same server. </p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=684900&view=rev";>
+ revision 684900</a>.</p>
+
<p>Affects: 4.1.0-4.1.37</p>
<p>
@@ -298,6 +302,10 @@
XSS attack, unfiltered user supplied data must be included in the
message
argument.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=680947&view=rev";>
+ revision 680947</a>.</p>
+
<p>Affects: 4.1.0-4.1.37</p>
<p>
@@ -307,15 +315,19 @@
</p>
<p>When using a RequestDispatcher the target path was normalised before
the
- query string was removed. A request that included a specially
crafted
+ query string was removed. A request that included a specially crafted
request parameter could be used to access content that would otherwise
be
- protected by a security constraint or by locating it in under the
WEB-INF
+ protected by a security constraint or by locating it in under the
WEB-INF
directory.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=680950&view=rev";>
+ revision 680950</a>.</p>
+
<p>Affects: 4.1.0-4.1.37</p>
<p>
-<strong>moderate: Directory traversal</strong>
+<strong>important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
CVE-2008-2938</a>
</p>
@@ -323,7 +335,16 @@
<p>If a context is configured with <code>allowLinking="true"</code> and the
connector is configured with <code>URIEncoding="UTF-8"</code> then a
malformed request may be used to access arbitrary files on the server.
- </p>
+ If the connector is configured with <code>URIEncoding="UTF-8"</code>
then
+ a malformed request may be used to access arbitrary files within the
+ docBase of a context such as web.xml. It should also be noted that
+ setting <code>useBodyEncodingForURI="true"</code> has the same effect as
+ setting <code>URIEncoding="UTF-8"</code> when processing requests with
+ bodies encoded with UTF-8.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=681065&view=rev";>
+ revision 681065</a>.</p>
<p>Affects: 4.1.0-4.1.37</p>
Modified: tomcat/site/trunk/docs/security-5.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Wed Sep 10 03:01:25 2008
@@ -222,8 +222,8 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 5.5.SVN">
-<strong>Fixed in Apache Tomcat 5.5.SVN</strong>
+<a name="Fixed in Apache Tomcat 5.5.27">
+<strong>Fixed in Apache Tomcat 5.5.27</strong>
</a>
</font>
</td>
@@ -246,6 +246,10 @@
XSS attack, unfiltered user supplied data must be included in the
message
argument.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=680947&view=rev";>
+ revision 680947</a>.</p>
+
<p>Affects: 5.5.0-5.5.26</p>
<p>
@@ -260,6 +264,10 @@
out (closing the browser) of the application once the management tasks
have been completed.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=662583&view=rev";>
+ revision 662583</a>.</p>
+
<p>Affects: 5.5.9-5.5.26</p>
<p>
@@ -269,15 +277,19 @@
</p>
<p>When using a RequestDispatcher the target path was normalised before
the
- query string was removed. A request that included a specially
crafted
+ query string was removed. A request that included a specially crafted
request parameter could be used to access content that would otherwise
be
- protected by a security constraint or by locating it in under the
WEB-INF
+ protected by a security constraint or by locating it in under the
WEB-INF
directory.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=680949&view=rev";>
+ revision 680949</a>.</p>
+
<p>Affects: 5.5.0-5.5.26</p>
<p>
-<strong>moderate: Directory traversal</strong>
+<strong>important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
CVE-2008-2938</a>
</p>
@@ -285,8 +297,17 @@
<p>If a context is configured with <code>allowLinking="true"</code> and the
connector is configured with <code>URIEncoding="UTF-8"</code> then a
malformed request may be used to access arbitrary files on the server.
- </p>
-
+ If the connector is configured with <code>URIEncoding="UTF-8"</code>
then
+ a malformed request may be used to access arbitrary files within the
+ docBase of a context such as web.xml. It should also be noted that
+ setting <code>useBodyEncodingForURI="true"</code> has the same effect as
+ setting <code>URIEncoding="UTF-8"</code> when processing requests with
+ bodies encoded with UTF-8.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=681029&view=rev";>
+ revision 681029</a>.</p>
+
<p>Affects: 5.5.0-5.5.26</p>
</blockquote>
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Wed Sep 10 03:01:25 2008
@@ -240,6 +240,10 @@
XSS attack, unfiltered user supplied data must be included in the
message
argument.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=673834&view=rev";>
+ revision 673834</a>.</p>
+
<p>Affects: 6.0.0-6.0.16</p>
<p>
@@ -254,6 +258,12 @@
out (closing the browser) of the application once the management tasks
have been completed.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=662585&view=rev";>
+ revision 662585</a>.</p>
+
+ <p>Affects: 6.0.0-6.0.16</p>
+
<p>
<strong>important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370";>
@@ -261,15 +271,19 @@
</p>
<p>When using a RequestDispatcher the target path was normalised before
the
- query string was removed. A request that included a specially
crafted
+ query string was removed. A request that included a specially crafted
request parameter could be used to access content that would otherwise
be
- protected by a security constraint or by locating it in under the
WEB-INF
+ protected by a security constraint or by locating it in under the
WEB-INF
directory.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=673839&view=rev";>
+ revision 673839</a>.</p>
<p>Affects: 6.0.0-6.0.16</p>
<p>
-<strong>moderate: Directory traversal</strong>
+<strong>important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
CVE-2008-2938</a>
</p>
@@ -277,7 +291,16 @@
<p>If a context is configured with <code>allowLinking="true"</code> and the
connector is configured with <code>URIEncoding="UTF-8"</code> then a
malformed request may be used to access arbitrary files on the server.
- </p>
+ If the connector is configured with <code>URIEncoding="UTF-8"</code>
then
+ a malformed request may be used to access arbitrary files within the
+ docBase of a context such as web.xml. It should also be noted that
+ setting <code>useBodyEncodingForURI="true"</code> has the same effect as
+ setting <code>URIEncoding="UTF-8"</code> when processing requests with
+ bodies encoded with UTF-8.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=678137&view=rev";>
+ revision 678137</a>.</p>
<p>Affects: 6.0.0-6.0.16</p>
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Wed Sep 10 03:01:25 2008
@@ -54,6 +54,10 @@
transmitted to any content that is - by purpose or error - requested via
http from the same server. </p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=684900&view=rev";>
+ revision 684900</a>.</p>
+
<p>Affects: 4.1.0-4.1.37</p>
<p><strong>low: Cross-site scripting</strong>
@@ -68,6 +72,10 @@
XSS attack, unfiltered user supplied data must be included in the
message
argument.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=680947&view=rev";>
+ revision 680947</a>.</p>
+
<p>Affects: 4.1.0-4.1.37</p>
<p><strong>important: Information disclosure</strong>
@@ -75,21 +83,34 @@
CVE-2008-2370</a></p>
<p>When using a RequestDispatcher the target path was normalised before
the
- query string was removed. A request that included a specially
crafted
+ query string was removed. A request that included a specially crafted
request parameter could be used to access content that would otherwise
be
- protected by a security constraint or by locating it in under the
WEB-INF
+ protected by a security constraint or by locating it in under the
WEB-INF
directory.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=680950&view=rev";>
+ revision 680950</a>.</p>
+
<p>Affects: 4.1.0-4.1.37</p>
- <p><strong>moderate: Directory traversal</strong>
+ <p><strong>important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
CVE-2008-2938</a></p>
<p>If a context is configured with <code>allowLinking="true"</code> and the
connector is configured with <code>URIEncoding="UTF-8"</code> then a
malformed request may be used to access arbitrary files on the server.
- </p>
+ If the connector is configured with <code>URIEncoding="UTF-8"</code>
then
+ a malformed request may be used to access arbitrary files within the
+ docBase of a context such as web.xml. It should also be noted that
+ setting <code>useBodyEncodingForURI="true"</code> has the same effect as
+ setting <code>URIEncoding="UTF-8"</code> when processing requests with
+ bodies encoded with UTF-8.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=681065&view=rev";>
+ revision 681065</a>.</p>
<p>Affects: 4.1.0-4.1.37</p>
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Wed Sep 10 03:01:25 2008
@@ -28,7 +28,7 @@
</section>
- <section name="Fixed in Apache Tomcat 5.5.SVN">
+ <section name="Fixed in Apache Tomcat 5.5.27">
<p><strong>low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232";>
CVE-2008-1232</a></p>
@@ -41,6 +41,10 @@
XSS attack, unfiltered user supplied data must be included in the
message
argument.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=680947&view=rev";>
+ revision 680947</a>.</p>
+
<p>Affects: 5.5.0-5.5.26</p>
<p><strong>low: Cross-site scripting</strong>
@@ -53,6 +57,10 @@
out (closing the browser) of the application once the management tasks
have been completed.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=662583&view=rev";>
+ revision 662583</a>.</p>
+
<p>Affects: 5.5.9-5.5.26</p>
<p><strong>important: Information disclosure</strong>
@@ -60,22 +68,35 @@
CVE-2008-2370</a></p>
<p>When using a RequestDispatcher the target path was normalised before
the
- query string was removed. A request that included a specially
crafted
+ query string was removed. A request that included a specially crafted
request parameter could be used to access content that would otherwise
be
- protected by a security constraint or by locating it in under the
WEB-INF
+ protected by a security constraint or by locating it in under the
WEB-INF
directory.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=680949&view=rev";>
+ revision 680949</a>.</p>
+
<p>Affects: 5.5.0-5.5.26</p>
- <p><strong>moderate: Directory traversal</strong>
+ <p><strong>important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
CVE-2008-2938</a></p>
<p>If a context is configured with <code>allowLinking="true"</code> and the
connector is configured with <code>URIEncoding="UTF-8"</code> then a
malformed request may be used to access arbitrary files on the server.
- </p>
-
+ If the connector is configured with <code>URIEncoding="UTF-8"</code>
then
+ a malformed request may be used to access arbitrary files within the
+ docBase of a context such as web.xml. It should also be noted that
+ setting <code>useBodyEncodingForURI="true"</code> has the same effect as
+ setting <code>URIEncoding="UTF-8"</code> when processing requests with
+ bodies encoded with UTF-8.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=681029&view=rev";>
+ revision 681029</a>.</p>
+
<p>Affects: 5.5.0-5.5.26</p>
</section>
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=693763&r1=693762&r2=693763&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Wed Sep 10 03:01:25 2008
@@ -35,6 +35,10 @@
XSS attack, unfiltered user supplied data must be included in the
message
argument.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=673834&view=rev";>
+ revision 673834</a>.</p>
+
<p>Affects: 6.0.0-6.0.16</p>
<p><strong>low: Cross-site scripting</strong>
@@ -47,26 +51,45 @@
out (closing the browser) of the application once the management tasks
have been completed.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=662585&view=rev";>
+ revision 662585</a>.</p>
+
+ <p>Affects: 6.0.0-6.0.16</p>
+
<p><strong>important: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370";>
CVE-2008-2370</a></p>
<p>When using a RequestDispatcher the target path was normalised before
the
- query string was removed. A request that included a specially
crafted
+ query string was removed. A request that included a specially crafted
request parameter could be used to access content that would otherwise
be
- protected by a security constraint or by locating it in under the
WEB-INF
+ protected by a security constraint or by locating it in under the
WEB-INF
directory.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=673839&view=rev";>
+ revision 673839</a>.</p>
<p>Affects: 6.0.0-6.0.16</p>
- <p><strong>moderate: Directory traversal</strong>
+ <p><strong>important: Directory traversal</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938";>
CVE-2008-2938</a></p>
<p>If a context is configured with <code>allowLinking="true"</code> and the
connector is configured with <code>URIEncoding="UTF-8"</code> then a
malformed request may be used to access arbitrary files on the server.
- </p>
+ If the connector is configured with <code>URIEncoding="UTF-8"</code>
then
+ a malformed request may be used to access arbitrary files within the
+ docBase of a context such as web.xml. It should also be noted that
+ setting <code>useBodyEncodingForURI="true"</code> has the same effect as
+ setting <code>URIEncoding="UTF-8"</code> when processing requests with
+ bodies encoded with UTF-8.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=678137&view=rev";>
+ revision 678137</a>.</p>
<p>Affects: 6.0.0-6.0.16</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
