Author: markt
Date: Tue Dec 4 19:48:32 2012
New Revision: 1417137

URL: http://svn.apache.org/viewvc?rev=1417137&view=rev
Log:
Publish vulnerability info

Modified: tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/xdocs/security-6.xml tomcat/site/trunk/xdocs/security-7.xml Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1417137&r1=1417136&r2=1417137&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Tue Dec 4 19:48:32 2012 
@@ -389,6 +389,77 @@ <p>Affects: 6.0.0-6.0.35</p> + +<p> +<strong>Important: Bypass of security constraints</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546" rel="nofollow">CVE-2012-3546</a> +</p> + + +<p>When using FORM authentication it was possible to bypass the security + constraint checks in the FORM authenticator by appending + <code>/j_security_check</code> to the end of the URL if some other + component (such as the Single-Sign-On valve) had called + <code>request.setUserPrincipal()</code> before the call to + <code>FormAuthenticator#authenticate()</code>. + </p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1381035">1381035</a>.</p> + + +<p>This issue was identified by the Tomcat security team on 13 July 2012 and + made public on 4 December 2012.</p> + + +<p>Affects: 6.0.0-6.0.36</p> + + +<p> +<strong>Important: Bypass of CSRF prevention filter</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431" rel="nofollow">CVE-2012-4431</a> +</p> + + +<p>The CSRF prevention filter could be bypassed if a request was made to a + protected resource without a session identifier present in the request. + </p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1394456">1394456</a>.</p> + + +<p>This issue was identified by the Tomcat security team on 8 September 2012 + and made public on 4 December 2012.</p> + + +<p>Affects: 6.0.0-6.0.36</p> + + +<p> +<strong>Important: Denial of service</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534" rel="nofollow">CVE-2012-4534</a> +</p> + + +<p>When using the NIO connector with sendfile and HTTPS enabled, if a client + breaks the connection while reading the response an infinite loop is + entered leading to a denial of service. This was originally reported as + <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=52858">bug + 52858</a>. 
+ </p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1372035">1372035</a>.</p> + + +<p>The security implications of this bug were reported to the Tomcat + security team by Arun Neelicattu of the Red Hat Security Response Team on + 3 October 2012 and made public on 4 December 2012.</p> + + +<p>Affects: 6.0.0-6.0.35</p> + </blockquote> </p> Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1417137&r1=1417136&r2=1417137&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Tue Dec 4 19:48:32 2012 
@@ -368,6 +368,52 @@ <p>Affects: 7.0.0-7.0.29</p> + +<p> +<strong>Important: Bypass of security constraints</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546" rel="nofollow">CVE-2012-3546</a> +</p> + + +<p>When using FORM authentication it was possible to bypass the security + constraint checks in the FORM authenticator by appending + <code>/j_security_check</code> to the end of the URL if some other + component (such as the Single-Sign-On valve) had called + <code>request.setUserPrincipal()</code> before the call to + <code>FormAuthenticator#authenticate()</code>. + </p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1377892">1377892</a>.</p> + + +<p>This issue was identified by the Tomcat security team on 13 July 2012 and + made public on 4 December 2012.</p> + + +<p>Affects: 7.0.0-7.0.29</p> + + +<p> +<strong>Important: Bypass of CSRF prevention filter</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431" rel="nofollow">CVE-2012-4431</a> +</p> + + +<p>The CSRF prevention filter could be bypassed if a request was made to a + protected resource without a session identifier present in the request. + </p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1393088">1393088</a>.</p> + + +<p>This issue was identified by the Tomcat security team on 8 September 2012 + and made public on 4 December 2012.</p> + + +<p>Affects: 7.0.0-7.0.31</p> + </blockquote> </p> 
@@ -412,6 +458,31 @@ <p>Affects: 7.0.0-7.0.27</p> + +<p> +<strong>Important: Denial of service</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534" rel="nofollow">CVE-2012-4534</a> +</p> + + +<p>When using the NIO connector with sendfile and HTTPS enabled, if a client + breaks the connection while reading the response an infinite loop is + entered leading to a denial of service. This was originally reported as + <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=52858">bug + 52858</a>. + </p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1340218">1340218</a>.</p> + + +<p>The security implications of this bug were reported to the Tomcat + security team by Arun Neelicattu of the Red Hat Security Response Team on + 3 October 2012 and made public on 4 December 2012.</p> + + +<p>Affects: 7.0.0-7.0.27</p> + </blockquote> </p> Modified: tomcat/site/trunk/xdocs/security-6.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1417137&r1=1417136&r2=1417137&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-6.xml (original) +++ tomcat/site/trunk/xdocs/security-6.xml Tue Dec 4 19:48:32 2012 
@@ -93,6 +93,56 @@ <p>Affects: 6.0.0-6.0.35</p> + <p><strong>Important: Bypass of security constraints</strong> + <cve>CVE-2012-3546</cve></p> + + <p>When using FORM authentication it was possible to bypass the security + constraint checks in the FORM authenticator by appending + <code>/j_security_check</code> to the end of the URL if some other + component (such as the Single-Sign-On valve) had called + <code>request.setUserPrincipal()</code> before the call to + <code>FormAuthenticator#authenticate()</code>. + </p> + + <p>This was fixed in revision <revlink rev="1381035">1381035</revlink>.</p> + + <p>This issue was identified by the Tomcat security team on 13 July 2012 and + made public on 4 December 2012.</p> + + <p>Affects: 6.0.0-6.0.36</p> + + <p><strong>Important: Bypass of CSRF prevention filter</strong> + <cve>CVE-2012-4431</cve></p> + + <p>The CSRF prevention filter could be bypassed if a request was made to a + protected resource without a session identifier present in the request. + </p> + + <p>This was fixed in revision <revlink rev="1394456">1394456</revlink>.</p> + + <p>This issue was identified by the Tomcat security team on 8 September 2012 + and made public on 4 December 2012.</p> + + <p>Affects: 6.0.0-6.0.36</p> + + <p><strong>Important: Denial of service</strong> + <cve>CVE-2012-4534</cve></p> + + <p>When using the NIO connector with sendfile and HTTPS enabled, if a client + breaks the connection while reading the response an infinite loop is + entered leading to a denial of service. This was originally reported as + <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=52858">bug + 52858</a>. 
+ </p> + + <p>This was fixed in revision <revlink rev="1372035">1372035</revlink>.</p> + + <p>The security implications of this bug were reported to the Tomcat + security team by Arun Neelicattu of the Red Hat Security Response Team on + 3 October 2012 and made public on 4 December 2012.</p> + + <p>Affects: 6.0.0-6.0.35</p> + </section> <section name="Fixed in Apache Tomcat 6.0.35" rtext="released 5 Dec 2011"> Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1417137&r1=1417136&r2=1417137&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Tue Dec 4 19:48:32 2012 
@@ -78,6 +78,38 @@ <p>Affects: 7.0.0-7.0.29</p> + <p><strong>Important: Bypass of security constraints</strong> + <cve>CVE-2012-3546</cve></p> + + <p>When using FORM authentication it was possible to bypass the security + constraint checks in the FORM authenticator by appending + <code>/j_security_check</code> to the end of the URL if some other + component (such as the Single-Sign-On valve) had called + <code>request.setUserPrincipal()</code> before the call to + <code>FormAuthenticator#authenticate()</code>. + </p> + + <p>This was fixed in revision <revlink rev="1377892">1377892</revlink>.</p> + + <p>This issue was identified by the Tomcat security team on 13 July 2012 and + made public on 4 December 2012.</p> + + <p>Affects: 7.0.0-7.0.29</p> + + <p><strong>Important: Bypass of CSRF prevention filter</strong> + <cve>CVE-2012-4431</cve></p> + + <p>The CSRF prevention filter could be bypassed if a request was made to a + protected resource without a session identifier present in the request. + </p> + + <p>This was fixed in revision <revlink rev="1393088">1393088</revlink>.</p> + + <p>This issue was identified by the Tomcat security team on 8 September 2012 + and made public on 4 December 2012.</p> + + <p>Affects: 7.0.0-7.0.31</p> + </section> <section name="Fixed in Apache Tomcat 7.0.28" rtext="released 19 Jun 2012"> 
@@ -98,6 +130,24 @@ <p>Affects: 7.0.0-7.0.27</p> + <p><strong>Important: Denial of service</strong> + <cve>CVE-2012-4534</cve></p> + + <p>When using the NIO connector with sendfile and HTTPS enabled, if a client + breaks the connection while reading the response an infinite loop is + entered leading to a denial of service. This was originally reported as + <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=52858">bug + 52858</a>. + </p> + + <p>This was fixed in revision <revlink rev="1340218">1340218</revlink>.</p> + + <p>The security implications of this bug were reported to the Tomcat + security team by Arun Neelicattu of the Red Hat Security Response Team on + 3 October 2012 and made public on 4 December 2012.</p> + + <p>Affects: 7.0.0-7.0.27</p> + </section> <section name="Fixed in Apache Tomcat 7.0.23" rtext="released 25 Nov 2011"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
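
Review bot: The CVE-2012-3546 and CVE-2012-4431 entries in the security-6 hunks (xdocs/security-6.xml @@ -93,6 +93,56 @@ and the generated docs/security-6.html @@ -389,6 +389,77 @@) say "Affects: 6.0.0-6.0.36", while the CVE-2012-4534 entry added right after them and the context line just above the additions both say "6.0.0-6.0.35". All three entries land in the section immediately above "Fixed in Apache Tomcat 6.0.35", so they share one fixed-in release, and that release cannot itself be listed as affected. Please confirm the upper bound; if it is a typo, change both to "6.0.0-6.0.35" in the XML and regenerate the HTML so the two stay in sync.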
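
Review bot: The CVE-2012-4431 entry in the first security-7 hunk (xdocs/security-7.xml @@ -78,6 +78,38 @@ and docs/security-7.html @@ -368,6 +368,52 @@) says "Affects: 7.0.0-7.0.31" but is added to the same section as entries whose range ends at 7.0.29. A range ending at 7.0.31 means the fix shipped in a later release than the one this section documents, so either the range is wrong or the entry belongs under a "Fixed in" section of its own for the release that carries revision 1393088. As placed, an administrator running 7.0.30 or 7.0.31 could read the section heading and conclude that the CSRF filter fix is already installed.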
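
Review bot: The CVE-2012-4534 description in the denial-of-service hunks (xdocs/security-7.xml @@ -98,6 +130,24 @@, docs/security-7.html @@ -412,6 +458,31 @@, and the matching security-6 entries) is written in the present tense ("an infinite loop is entered") while the other two new entries describe fixed behaviour in the past tense ("it was possible", "could be bypassed"). Suggest "an infinite loop was entered" so the entry does not read as describing current releases.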