Author: markt
Date: Thu Jun 4 11:10:59 2009
New Revision: 781710
URL: http://svn.apache.org/viewvc?rev=781710&view=rev
Log:
Add CVE-2009-0783
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-4.xml
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-4.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=781710&r1=781709&r2=781710&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Thu Jun 4 11:10:59 2009
@@ -323,6 +323,27 @@
<p>Affects: 4.1.0-4.1.39</p>
+ <p>
+<strong>low: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783">
+ CVE-2009-0783</a>
+</p>
+
+ <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">
+ 29936</a> and
+ <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=45933">
+ 45933</a> allowed a web application to replace the XML parser used by
+ Tomcat to process web.xml and tld files. In limited circumstances these
+ bugs may allow a rouge web application to view and/or alter the web.xml
+ and tld files of other web applications deployed on the Tomcat instance.
+ </p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=781708&view=rev">
+ revision 781708</a>.</p>
+
+ <p>Affects: 4.1.0-4.1.39</p>
+
</blockquote>
</p>
</td>
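Review bot: "rouge web application" in the sentence beginning "In limited circumstances" should read "rogue web application". This entry also names only web.xml and tld files, while the 5.5 and 6.0 entries in the same commit add context.xml; if 4.1 processes context.xml with the same replaceable parser, list it here too, otherwise a short word on why 4.1 differs would help readers comparing the pages.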
Modified: tomcat/site/trunk/docs/security-5.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=781710&r1=781709&r2=781710&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Thu Jun 4 11:10:59 2009
@@ -285,6 +285,29 @@
<p>Affects: 5.5.0-5.5.27</p>
+ <p>
+<strong>low: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783">
+ CVE-2009-0783</a>
+</p>
+
+ <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">
+ 29936</a> and
+ <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=45933">
+ 45933</a> allowed a web application to replace the XML parser used by
+ Tomcat to process web.xml, context.xml and tld files. In limited
+ circumstances these bugs may allow a rouge web application to view
and/or
+ alter the web.xml, context.xml and tld files of other web applications
+ deployed on the Tomcat instance.</p>
+
+ <p>This was fixed in revisions
+ <a href="http://svn.apache.org/viewvc?rev=681156&view=rev">
+ 681156</a> and
+ <a href="http://svn.apache.org/viewvc?rev=781542&view=rev">
+ 781542</a>.</p>
+
+ <p>Affects: 5.5.0-5.5.27</p>
+
</blockquote>
</p>
</td>
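Review bot: The heading "low: Information disclosure" understates the paragraph below it, which says a web application may "view and/or alter" the files of other web applications. Altering another application's web.xml or context.xml is an integrity problem, so either widen the heading or say why modification is still classed as disclosure. "rouge" in the same paragraph should be "rogue".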
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=781710&r1=781709&r2=781710&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Thu Jun 4 11:10:59 2009
@@ -285,6 +285,29 @@
revision 750924</a>.</p>
<p>Affects: 6.0.0-6.0.18</p>
+
+ <p>
+<strong>low: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783">
+ CVE-2009-0783</a>
+</p>
+
+ <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">
+ 29936</a> and
+ <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=45933">
+ 45933</a> allowed a web application to replace the XML parser used by
+ Tomcat to process web.xml, context.xml and tld files. In limited
+ circumstances these bugs may allow a rouge web application to view
and/or
+ alter the web.xml, context.xml and tld files of other web applications
+ deployed on the Tomcat instance.</p>
+
+ <p>This was fixed in revisions
+ <a href="http://svn.apache.org/viewvc?rev=652592&view=rev">
+ 652592</a> and
+ <a href="http://svn.apache.org/viewvc?rev=739522&view=rev">
+ 739522</a>.</p>
+
+ <p>Affects: 6.0.0-6.0.18</p>
</blockquote>
</p>
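Review bot: "In limited circumstances" in the description does not let an administrator judge whether a deployment is exposed. State the condition in the paragraph itself, so readers do not have to work it out from bugs 29936 and 45933. "rouge" in the same sentence should be "rogue".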
Modified: tomcat/site/trunk/xdocs/security-4.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=781710&r1=781709&r2=781710&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Thu Jun 4 11:10:59 2009
@@ -91,6 +91,25 @@
<p>Affects: 4.1.0-4.1.39</p>
+ <p><strong>low: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783">
+ CVE-2009-0783</a></p>
+
+ <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">
+ 29936</a> and
+ <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=45933">
+ 45933</a> allowed a web application to replace the XML parser used by
+ Tomcat to process web.xml and tld files. In limited circumstances these
+ bugs may allow a rouge web application to view and/or alter the web.xml
+ and tld files of other web applications deployed on the Tomcat instance.
+ </p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=781708&view=rev">
+ revision 781708</a>.</p>
+
+ <p>Affects: 4.1.0-4.1.39</p>
+
</section>
<section name="Fixed in Apache Tomcat 4.1.39">
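Review bot: The href for revision 781708 shows a bare "&" before "view=rev"; if that is literal in this XML source it should be written "&amp;" so the file stays well-formed. The "rouge" typo is duplicated here from docs/security-4.html, so correct it to "rogue" in both files.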
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=781710&r1=781709&r2=781710&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Thu Jun 4 11:10:59 2009
@@ -76,6 +76,27 @@
<p>Affects: 5.5.0-5.5.27</p>
+ <p><strong>low: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783">
+ CVE-2009-0783</a></p>
+
+ <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">
+ 29936</a> and
+ <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=45933">
+ 45933</a> allowed a web application to replace the XML parser used by
+ Tomcat to process web.xml, context.xml and tld files. In limited
+ circumstances these bugs may allow a rouge web application to view
and/or
+ alter the web.xml, context.xml and tld files of other web applications
+ deployed on the Tomcat instance.</p>
+
+ <p>This was fixed in revisions
+ <a href="http://svn.apache.org/viewvc?rev=681156&view=rev">
+ 681156</a> and
+ <a href="http://svn.apache.org/viewvc?rev=781542&view=rev">
+ 781542</a>.</p>
+
+ <p>Affects: 5.5.0-5.5.27</p>
+
</section>
<section name="Fixed in Apache Tomcat 5.5.27">
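Review bot: The fix line lists revisions 681156 and 781542 without saying which of bugs 29936 and 45933 each one addresses. Pairing each revision with its bug would help anyone auditing or backporting the fix. "rouge" in the description should be "rogue".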
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=781710&r1=781709&r2=781710&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Thu Jun 4 11:10:59 2009
@@ -74,6 +74,27 @@
revision 750924</a>.</p>
<p>Affects: 6.0.0-6.0.18</p>
+
+ <p><strong>low: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783">
+ CVE-2009-0783</a></p>
+
+ <p>Bugs <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=29936">
+ 29936</a> and
+ <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=45933">
+ 45933</a> allowed a web application to replace the XML parser used by
+ Tomcat to process web.xml, context.xml and tld files. In limited
+ circumstances these bugs may allow a rouge web application to view
and/or
+ alter the web.xml, context.xml and tld files of other web applications
+ deployed on the Tomcat instance.</p>
+
+ <p>This was fixed in revisions
+ <a href="http://svn.apache.org/viewvc?rev=652592&view=rev">
+ 652592</a> and
+ <a href="http://svn.apache.org/viewvc?rev=739522&view=rev">
+ 739522</a>.</p>
+
+ <p>Affects: 6.0.0-6.0.18</p>
</section>
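Review bot: The added entry runs straight from "Affects: 6.0.0-6.0.18" into the closing section tag, while the security-4.xml and security-5.xml hunks leave a blank line before it; add one here for consistency. "rouge" in the description should be "rogue".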