Author: markt
Date: Fri Mar  6 14:49:58 2009
New Revision: 750924

URL: http://svn.apache.org/viewvc?rev=750924&view=rev
Log:
Fix XSS in examples web application.
This is CVE-2009-0781.
Security page updates and formal announcement to follow.

Modified:
    tomcat/tc6.0.x/trunk/   (props changed)
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc6.0.x/trunk/webapps/examples/jsp/cal/cal2.jsp

Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Mar  6 14:49:58 2009
@@ -1 +1 @@
-/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,747834,747863,748344,750258,750291
+/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,747834,747863,748344,750258,750291,750921

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=750924&r1=750923&r2=750924&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Fri Mar  6 14:49:58 2009
@@ -551,6 +551,9 @@
         <bug>46600</bug>: Document maxKeepAliveRequests for the NIO connector.
         (markt)
       </fix>
+      <fix>
+        Fix CVE-2009-0781. XSS in calendar example. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">

Modified: tomcat/tc6.0.x/trunk/webapps/examples/jsp/cal/cal2.jsp
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/examples/jsp/cal/cal2.jsp?rev=750924&r1=750923&r2=750924&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/examples/jsp/cal/cal2.jsp (original)
+++ tomcat/tc6.0.x/trunk/webapps/examples/jsp/cal/cal2.jsp Fri Mar  6 14:49:58 
2009
@@ -35,7 +35,7 @@
 <FORM METHOD=POST ACTION=cal1.jsp>
 <BR> 
 <BR> <INPUT NAME="date" TYPE=HIDDEN VALUE="current">
-<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= util.HTMLFilter.filter(time) %>
+<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE="<%= util.HTMLFilter.filter(time) 
%>">
 <BR> <h2> Description of the event <INPUT NAME="description" TYPE=TEXT 
SIZE=20> </h2>
 <BR> <INPUT TYPE=SUBMIT VALUE="submit">
 </FORM>
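Review bot: The changed `VALUE` line deserves a comment recording why the quotes are there, because the protection now depends on two things together: the attribute being quoted, and `util.HTMLFilter.filter` escaping `"` as well as `<`, `>` and `&` (worth confirming against the filter's source, which is not in this diff). The filter leaves whitespace and `=` untouched, so an unquoted attribute value would still be open to extension with further attributes even after filtering, and a later cosmetic edit could drop the quotes without anyone noticing; something like `<%-- keep VALUE quoted: HTMLFilter.filter() escapes <>&" but not whitespace --%>` on the line above would pin that down. Where `time` is assigned is outside the hunk, so whether it comes straight from a request parameter cannot be checked here. The `+` line also appears to have been wrapped by the mail client before `%>">`; it should be a single line in the committed file. The other unquoted attributes in this hunk carry literal values, so they are not affected.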


