Author: markt
Date: Fri Mar 6 15:46:49 2009
New Revision: 750947
URL: http://svn.apache.org/viewvc?rev=750947&view=rev
Log:
Updates for CVE-2009-0781
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=750947&r1=750946&r2=750947&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Mar 6 15:46:49 2009
@@ -260,6 +260,46 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 4.1.SVN">
+<strong>Fixed in Apache Tomcat 4.1.SVN</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781";>
+ CVE-2009-0781</a>
+</p>
+
+ <p>The calendar application in the examples web application contains an
+ XSS flaw due to invalid HTML which renders the XSS filtering protection
+ ineffective.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=750927&view=rev";>
+ revision 750927</a>.</p>
+
+ <p>Affects: 4.1.0-4.1.39</p>
+
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 4.1.39">
<strong>Fixed in Apache Tomcat 4.1.39</strong>
</a>
Modified: tomcat/site/trunk/docs/security-5.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=750947&r1=750946&r2=750947&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Fri Mar 6 15:46:49 2009
@@ -222,6 +222,46 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 5.5.SVN">
+<strong>Fixed in Apache Tomcat 5.5.SVN</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781";>
+ CVE-2009-0781</a>
+</p>
+
+ <p>The calendar application in the examples web application contains an
+ XSS flaw due to invalid HTML which renders the XSS filtering protection
+ ineffective.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=750928&view=rev";>
+ revision 750928</a>.</p>
+
+ <p>Affects: 5.5.0-5.5.27</p>
+
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.27">
<strong>Fixed in Apache Tomcat 5.5.27</strong>
</a>
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=750947&r1=750946&r2=750947&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Mar 6 15:46:49 2009
@@ -216,6 +216,46 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 6.0.SVN">
+<strong>Fixed in Apache Tomcat 6.0.SVN</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+ <p>
+<strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781";>
+ CVE-2009-0781</a>
+</p>
+
+ <p>The calendar application in the examples web application contains an
+ XSS flaw due to invalid HTML which renders the XSS filtering protection
+ ineffective.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=750924&view=rev";>
+ revision 750924</a>.</p>
+
+ <p>Affects: 6.0.0-6.0.18</p>
+
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.18">
<strong>Fixed in Apache Tomcat 6.0.18</strong>
</a>
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=750947&r1=750946&r2=750947&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Fri Mar 6 15:46:49 2009
@@ -43,6 +43,23 @@
</section>
+ <section name="Fixed in Apache Tomcat 4.1.SVN">
+ <p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781";>
+ CVE-2009-0781</a></p>
+
+ <p>The calendar application in the examples web application contains an
+ XSS flaw due to invalid HTML which renders the XSS filtering protection
+ ineffective.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=750927&view=rev";>
+ revision 750927</a>.</p>
+
+ <p>Affects: 4.1.0-4.1.39</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 4.1.39">
<p><strong>moderate: Session hi-jacking</strong>
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=750947&r1=750946&r2=750947&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Fri Mar 6 15:46:49 2009
@@ -28,6 +28,23 @@
</section>
+ <section name="Fixed in Apache Tomcat 5.5.SVN">
+ <p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781";>
+ CVE-2009-0781</a></p>
+
+ <p>The calendar application in the examples web application contains an
+ XSS flaw due to invalid HTML which renders the XSS filtering protection
+ ineffective.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=750928&view=rev";>
+ revision 750928</a>.</p>
+
+ <p>Affects: 5.5.0-5.5.27</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 5.5.27">
<p><strong>low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232";>
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=750947&r1=750946&r2=750947&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Fri Mar 6 15:46:49 2009
@@ -22,6 +22,23 @@
</section>
+ <section name="Fixed in Apache Tomcat 6.0.SVN">
+ <p><strong>low: Cross-site scripting</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781";>
+ CVE-2009-0781</a></p>
+
+ <p>The calendar application in the examples web application contains an
+ XSS flaw due to invalid HTML which renders the XSS filtering protection
+ ineffective.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=750924&view=rev";>
+ revision 750924</a>.</p>
+
+ <p>Affects: 6.0.0-6.0.18</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 6.0.18">
<p><strong>low: Cross-site scripting</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232";>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
