Author: markt
Date: Wed Feb 25 23:18:03 2009
New Revision: 747960

URL: http://svn.apache.org/viewvc?rev=747960&view=rev
Log:
Update with info on CVE-2008-4308

Modified:
    tomcat/site/trunk/docs/security-4.html
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/xdocs/security-4.xml
    tomcat/site/trunk/xdocs/security-5.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=747960&r1=747959&r2=747960&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Wed Feb 25 23:18:03 2009
@@ -584,6 +584,46 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 4.1.35">
+<strong>Fixed in Apache Tomcat 4.1.35</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+
+    <p>
+<strong>low: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308";>
+       CVE-2008-4308</a>
+</p>
+
+    <p>
+<a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=40771";>Bug
+    40711</a> may result in the disclosure of POSTed content from a previous
+    request. For a vulnerability to exist, the content read from the input
+    stream must be disclosed, eg via writing it to the response and committing
+    the response, before the ArrayIndexOutOfBoundsException occurs which will
+    halt processing of the request.</p>
+
+    <p>Affects: 4.1.32-4.1.34 (4.0.x unknown)</p>
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
 <a name="Fixed in Apache Tomcat 4.1.32">
 <strong>Fixed in Apache Tomcat 4.1.32</strong>
 </a>
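
Review bot: The Bugzilla link in the added paragraph disagrees with itself: the href points at show_bug.cgi?id=40771 while the link text reads "Bug 40711". Only one of the two can be the bug behind CVE-2008-4308, so a reader following the text and a reader following the link end up at different reports. Please confirm the correct id and make the href and the visible text match.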

Modified: tomcat/site/trunk/docs/security-5.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=747960&r1=747959&r2=747960&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Wed Feb 25 23:18:03 2009
@@ -668,6 +668,22 @@
        http from the same server. </p>
 
     <p>Affects: 5.0.0-5.0.SVN, 5.5.0-5.5.20</p>
+
+    <p>
+<strong>low: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308";>
+       CVE-2008-4308</a>
+</p>
+
+    <p>
+<a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=40771";>Bug
+    40711</a> may result in the disclosure of POSTed content from a previous
+    request. For a vulnerability to exist, the content read from the input
+    stream must be disclosed, eg via writing it to the response and committing
+    the response, before the ArrayIndexOutOfBoundsException occurs which will
+    halt processing of the request.</p>
+
+    <p>Affects: 5.5.10-5.5.20 (5.0.x unknown)</p>
   </blockquote>
 </p>
 </td>
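
Review bot: The added description refers to "the ArrayIndexOutOfBoundsException" as if it had already been introduced, but nothing in the entry says that the bug raises this exception or under what condition. A short clause stating that the bug causes an ArrayIndexOutOfBoundsException while the request body is being read would let the sentence stand alone for readers who do not open the bug report. Minor style point in the same sentence: "eg via writing it" reads better as "e.g. by writing it".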

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=747960&r1=747959&r2=747960&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Wed Feb 25 23:18:03 2009
@@ -274,6 +274,22 @@
     <p>Affects: 4.0.0-4.0.6, 4.1.0-4.1.34</p>
   </section>
 
+  <section name="Fixed in Apache Tomcat 4.1.35">
+
+    <p><strong>low: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308";>
+       CVE-2008-4308</a></p>
+
+    <p><a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=40771";>Bug
+    40711</a> may result in the disclosure of POSTed content from a previous
+    request. For a vulnerability to exist, the content read from the input
+    stream must be disclosed, eg via writing it to the response and committing
+    the response, before the ArrayIndexOutOfBoundsException occurs which will
+    halt processing of the request.</p>
+
+    <p>Affects: 4.1.32-4.1.34 (4.0.x unknown)</p>
+  </section>
+
   <section name="Fixed in Apache Tomcat 4.1.32">
 
     <p><strong>low: Information disclosure</strong>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=747960&r1=747959&r2=747960&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Wed Feb 25 23:18:03 2009
@@ -284,6 +284,19 @@
        http from the same server. </p>
 
     <p>Affects: 5.0.0-5.0.SVN, 5.5.0-5.5.20</p>
+
+    <p><strong>low: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308";>
+       CVE-2008-4308</a></p>
+
+    <p><a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=40771";>Bug
+    40711</a> may result in the disclosure of POSTed content from a previous
+    request. For a vulnerability to exist, the content read from the input
+    stream must be disclosed, eg via writing it to the response and committing
+    the response, before the ArrayIndexOutOfBoundsException occurs which will
+    halt processing of the request.</p>
+
+    <p>Affects: 5.5.10-5.5.20 (5.0.x unknown)</p>
   </section>
 
   <section name="Fixed in Apache Tomcat 5.5.18, 5.0.SVN">
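
Review bot: The new entry is appended to an existing section whose heading lies outside this hunk, so the fixed version is conveyed only by that heading, and the entry's "Affects: 5.5.10-5.5.20" range is narrower than the "5.0.0-5.0.SVN, 5.5.0-5.5.20" of the entry just above it. Worth a quick check that this is the intended section. The paragraph is the same text as in security-4.xml, including the href to bug 40771 labelled "Bug 40711", so any correction to the bug number has to be applied here and in docs/security-5.html as well.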


