DO NOT REPLY [Bug 372] - examples/ShowSource always reports "Invalid JSP file" due to logic error in ShowSource.java BugRat Report#661

2007-02-24 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=372





--- Additional Comments From [EMAIL PROTECTED]  2007-02-24 02:17 ---
Have you fixed the problem ??
[EMAIL PROTECTED]

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



svn commit: r511252 - in /tomcat/connectors/trunk/jk/native/iis: Makefile.amd64 Makefile.vc isapi.dsp jk_isapi_plugin.c

2007-02-24 Thread mturk
Author: mturk
Date: Sat Feb 24 03:45:39 2007
New Revision: 511252

URL: http://svn.apache.org/viewvc?view=rev&rev=511252
Log:
Use Microsoft strsafe library for string operations.

Modified:
tomcat/connectors/trunk/jk/native/iis/Makefile.amd64
tomcat/connectors/trunk/jk/native/iis/Makefile.vc
tomcat/connectors/trunk/jk/native/iis/isapi.dsp
tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c

Modified: tomcat/connectors/trunk/jk/native/iis/Makefile.amd64
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/Makefile.amd64?view=diff&rev=511252&r1=511251&r2=511252
==
--- tomcat/connectors/trunk/jk/native/iis/Makefile.amd64 (original)
+++ tomcat/connectors/trunk/jk/native/iis/Makefile.amd64 Sat Feb 24 03:45:39 
2007
@@ -59,7 +59,7 @@
 BSC32_SBRS= \

 LINK32=link.exe
-LINK32_FLAGS=kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
bufferoverflowu.lib /nologo /dll /incremental:no 
/pdb:"$(OUTDIR)\isapi_redirect.pdb" /debug /machine:AMD64 /def:".\isapi.def" 
/out:"$(OUTDIR)\isapi_redirect.dll" /implib:"$(OUTDIR)\isapi_redirect.lib" 
+LINK32_FLAGS=kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
bufferoverflowu.lib strsafe.lib /nologo /dll /incremental:no 
/pdb:"$(OUTDIR)\isapi_redirect.pdb" /debug /machine:AMD64 /def:".\isapi.def" 
/out:"$(OUTDIR)\isapi_redirect.dll" /implib:"$(OUTDIR)\isapi_redirect.lib" 
 DEF_FILE= \
".\isapi.def"
 LINK32_OBJS= \
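Review bot: Adding strsafe.lib to LINK32_FLAGS ties the build to an SDK that ships that library, and nothing in the visible part of this commit shows it is needed. strsafe.h compiles its functions inline unless STRSAFE_LIB is defined before the include; if jk_isapi_plugin.c uses the inline form, drop strsafe.lib from this link line and from the matching lines in Makefile.vc and isapi.dsp, otherwise state the minimum SDK in the build notes.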

Modified: tomcat/connectors/trunk/jk/native/iis/Makefile.vc
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/Makefile.vc?view=diff&rev=511252&r1=511251&r2=511252
==
--- tomcat/connectors/trunk/jk/native/iis/Makefile.vc (original)
+++ tomcat/connectors/trunk/jk/native/iis/Makefile.vc Sat Feb 24 03:45:39 2007
@@ -74,7 +74,7 @@
 BSC32_SBRS= \

 LINK32=link.exe
-LINK32_FLAGS=kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
/nologo /base:"0x6A6B" /dll /incremental:no 
/pdb:"$(OUTDIR)\isapi_redirect.pdb" /debug /machine:I386 /def:".\isapi.def" 
/out:"$(OUTDIR)\isapi_redirect.dll" /implib:"$(OUTDIR)\isapi_redirect.lib" 
+LINK32_FLAGS=kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
strsafe.lib /nologo /base:"0x6A6B" /dll /incremental:no 
/pdb:"$(OUTDIR)\isapi_redirect.pdb" /debug /machine:I386 /def:".\isapi.def" 
/out:"$(OUTDIR)\isapi_redirect.dll" /implib:"$(OUTDIR)\isapi_redirect.lib" 
 DEF_FILE= \
".\isapi.def"
 LINK32_OBJS= \

Modified: tomcat/connectors/trunk/jk/native/iis/isapi.dsp
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/isapi.dsp?view=diff&rev=511252&r1=511251&r2=511252
==
--- tomcat/connectors/trunk/jk/native/iis/isapi.dsp (original)
+++ tomcat/connectors/trunk/jk/native/iis/isapi.dsp Sat Feb 24 03:45:39 2007
@@ -53,7 +53,7 @@
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib 
advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib 
odbccp32.lib /nologo /dll /machine:I386
-# ADD LINK32 kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
/nologo /base:"0x6A6B" /dll /debug /machine:I386 
/out:"Release\isapi_redirect.dll"
+# ADD LINK32 kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
strsafe.lib /nologo /base:"0x6A6B" /dll /debug /machine:I386 
/out:"Release\isapi_redirect.dll"
 
 !ELSEIF  "$(CFG)" == "isapi - Win32 Debug"
 
@@ -79,7 +79,7 @@
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib 
advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib 
odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
/nologo /base:"0x6A6B" /dll /incremental:no /debug /machine:I386 
/out:"Debug\isapi_redirect.dll"
+# ADD LINK32 kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
strsafe.lib /nologo /base:"0x6A6B" /dll /incremental:no /debug 
/machine:I386 /out:"Debug\isapi_redirect.dll"
 
 !ENDIF 
 

Modified: tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c?view=diff&rev=511252&r1=511251&r2=511252
==
--- tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c (original)
+++ tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c Sat Feb 24 03:45:39 
2007
@@ -40,6 +40,8 @@
 #include "jk_uri_worker_map.h"
 #include "jk_shm.h"
 
+#include 
+
 #define VERSION_STRING "Jakarta/ISAPI/" JK_VERSTRING
 #define SHM_DEF_NAME   "JKISAPISHMEM"
 #define DEFAULT_WORKER_NAME ("ajp13")
@@ -70,14 +72,14 @@
 #define HEADER_TEMPLATE  ("%s%p:")
 #defi

svn commit: r511257 - /tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c

2007-02-24 Thread mturk
Author: mturk
Date: Sat Feb 24 03:56:57 2007
New Revision: 511257

URL: http://svn.apache.org/viewvc?view=rev&rev=511257
Log:
Fix detection of invalid paths. We are only interested if
we have a worker match and if the path contains /web-inf
or /meta-inf. The /someweb-inf is a valid path.

Modified:
tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c

Modified: tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c?view=diff&rev=511257&r1=511256&r2=511257
==
--- tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c (original)
+++ tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c Sat Feb 24 03:56:57 
2007
@@ -488,10 +488,10 @@
 
 static int uri_is_web_inf(const char *uri)
 {
-if (stristr(uri, "web-inf")) {
+if (stristr(uri, "/web-inf")) {
 return JK_TRUE;
 }
-if (stristr(uri, "meta-inf")) {
+if (stristr(uri, "/meta-inf")) {
 return JK_TRUE;
 }
 
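Review bot: In uri_is_web_inf the new patterns anchor only the left side of the match, so stristr(uri, "/web-inf") still returns JK_TRUE for a directory whose name merely starts with web-inf, for example /web-information/. Check that the character following the match is '/' or the end of the string, and do the same for "/meta-inf". The test is also only as strong as its input: confirm that the caller passes the unescaped, normalized URI, which these lines do not show.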






DO NOT REPLY [Bug 39627] - JULI ignores a ".level = XXX" directive in logging.properties

2007-02-24 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=39627





--- Additional Comments From [EMAIL PROTECTED]  2007-02-24 08:07 ---
Fixed in 5.5.22.




svn commit: r511294 - in /tomcat/tc6.0.x/trunk/webapps: ROOT/WEB-INF/web.xml docs/WEB-INF/web.xml docs/changelog.xml examples/WEB-INF/web.xml host-manager/WEB-INF/web.xml manager/WEB-INF/web.xml

2007-02-24 Thread markt
Author: markt
Date: Sat Feb 24 08:20:30 2007
New Revision: 511294

URL: http://svn.apache.org/viewvc?view=rev&rev=511294
Log:
Use correct definition for servlet 2.5 xsd. 

Modified:
tomcat/tc6.0.x/trunk/webapps/ROOT/WEB-INF/web.xml
tomcat/tc6.0.x/trunk/webapps/docs/WEB-INF/web.xml
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/examples/WEB-INF/web.xml
tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml
tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml

Modified: tomcat/tc6.0.x/trunk/webapps/ROOT/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/ROOT/WEB-INF/web.xml?view=diff&rev=511294&r1=511293&r2=511294
==
--- tomcat/tc6.0.x/trunk/webapps/ROOT/WEB-INF/web.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/ROOT/WEB-INF/web.xml Sat Feb 24 08:20:30 2007
@@ -16,10 +16,10 @@
   limitations under the License.
 -->
 
-http://java.sun.com/xml/ns/j2ee";
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd";
-version="2.5">
+http://java.sun.com/xml/ns/javaee";
+   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";
+   version="2.5">
 
   Welcome to Tomcat
   

Modified: tomcat/tc6.0.x/trunk/webapps/docs/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/WEB-INF/web.xml?view=diff&rev=511294&r1=511293&r2=511294
==
--- tomcat/tc6.0.x/trunk/webapps/docs/WEB-INF/web.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/WEB-INF/web.xml Sat Feb 24 08:20:30 2007
@@ -1,8 +1,8 @@
 
-http://java.sun.com/xml/ns/j2ee";
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd";
-version="2.5">
+http://java.sun.com/xml/ns/javaee";
+   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";
+   version="2.5"> 
 
   Tomcat Documentation
   

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?view=diff&rev=511294&r1=511293&r2=511294
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Feb 24 08:20:30 2007
@@ -27,6 +27,14 @@
   
   
   
+  
+
+  
+Fix previous update to servlet 2.5 xsd to use correct declaration.
+(markt)
+  
+  
+  
 
 
   

Modified: tomcat/tc6.0.x/trunk/webapps/examples/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/examples/WEB-INF/web.xml?view=diff&rev=511294&r1=511293&r2=511294
==
--- tomcat/tc6.0.x/trunk/webapps/examples/WEB-INF/web.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/examples/WEB-INF/web.xml Sat Feb 24 08:20:30 
2007
@@ -16,10 +16,10 @@
   limitations under the License.
 -->
 
-http://java.sun.com/xml/ns/j2ee";
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd";
-version="2.5">
+http://java.sun.com/xml/ns/javaee";
+   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";
+   version="2.5"> 
 
 
   Servlet and JSP Examples.

Modified: tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml?view=diff&rev=511294&r1=511293&r2=511294
==
--- tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml Sat Feb 24 
08:20:30 2007
@@ -1,9 +1,9 @@
 
 
-http://java.sun.com/xml/ns/j2ee";
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
-xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd";
-version="2.5">
+http://java.sun.com/xml/ns/javaee";
+   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";
+   version="2.5"> 
 
   Tomcat Manager Application
   

Modified: tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/tru

svn commit: r511326 - in /tomcat/connectors/trunk/jk/native: apache-1.3/mod_jk.c apache-2.0/mod_jk.c common/jk_map.c common/jk_util.c

2007-02-24 Thread jfclere
Author: jfclere
Date: Sat Feb 24 11:02:40 2007
New Revision: 511326

URL: http://svn.apache.org/viewvc?view=rev&rev=511326
Log:
Check the worker parameters.

Modified:
tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c
tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c
tomcat/connectors/trunk/jk/native/common/jk_map.c
tomcat/connectors/trunk/jk/native/common/jk_util.c

Modified: tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c?view=diff&rev=511326&r1=511325&r2=511326
==
--- tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c (original)
+++ tomcat/connectors/trunk/jk/native/apache-1.3/mod_jk.c Sat Feb 24 11:02:40 
2007
@@ -1744,9 +1744,9 @@
 jk_server_conf_t *conf =
 (jk_server_conf_t *) ap_get_module_config(s->module_config,
   &jk_module);
-
+ 
 if (jk_map_read_property(conf->worker_properties, line, 1, conf->log) == 
JK_FALSE)
-return ap_pstrcat(cmd->temp_pool, "Invalid JkWorkerProperty ", line);
+return ap_pstrcat(cmd->temp_pool, "Invalid JkWorkerProperty ", line, 
NULL);
 
 return NULL;
 }
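Review bot: The first -/+ pair in this hunk replaces an empty line with a line of whitespace; drop it so the change stays limited to the ap_pstrcat call. The NULL sentinel added to ap_pstrcat is the substantive fix here (the argument list was previously unterminated) and deserves its own mention in the log message, which only says "Check the worker parameters".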
@@ -2543,8 +2543,9 @@
 ap_log_error(APLOG_MARK, APLOG_EMERG, s,
  "No worker file and no worker options in httpd.conf "
  "use JkWorkerFile to set workers");
-return;
 }
+ap_log_error(APLOG_MARK, APLOG_EMERG | APLOG_NOERRNO, 0, NULL, "Error 
in reading worker properties");
+return !OK;
 
 }
 #if MODULE_MAGIC_NUMBER >= 19980527
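Review bot: The added ap_log_error call does not match the form used by the call in the context lines just above it: that call passes (APLOG_MARK, level, s, format), while the new one passes (APLOG_MARK, level, 0, NULL, format), which puts 0 where the server record goes and NULL where the format string goes. Use the same argument order as the existing call and pass s. The removed line was a bare "return;" while the new one is "return !OK;", and no change to the function's return type is visible in this file's diff, so check that the signature was updated here as it was in apache-2.0/mod_jk.c.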

Modified: tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c?view=diff&rev=511326&r1=511325&r2=511326
==
--- tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c (original)
+++ tomcat/connectors/trunk/jk/native/apache-2.0/mod_jk.c Sat Feb 24 11:02:40 
2007
@@ -250,7 +250,7 @@
 static int JK_METHOD ws_read(jk_ws_service_t *s,
  void *b, unsigned len, unsigned *actually_read);
 
-static void init_jk(apr_pool_t * pconf, jk_server_conf_t * conf,
+static int init_jk(apr_pool_t * pconf, jk_server_conf_t * conf,
 server_rec * s);
 
 static int JK_METHOD ws_write(jk_ws_service_t *s, const void *b, unsigned l);
@@ -1788,7 +1788,7 @@
 }
 
 if (jk_map_read_property(conf->worker_properties, line, 1, conf->log) == 
JK_FALSE)
-return apr_pstrcat(cmd->temp_pool, "Invalid JkWorkerProperty ", line);
+return apr_pstrcat(cmd->temp_pool, "Invalid JkWorkerProperty ", line, 
NULL);
 
 return NULL;
 }
@@ -2608,7 +2608,7 @@
 SetHandler and normal apache directives ( but minimal jk-specific
 stuff )
 */
-static void init_jk(apr_pool_t * pconf, jk_server_conf_t * conf,
+static int init_jk(apr_pool_t * pconf, jk_server_conf_t * conf,
 server_rec * s)
 {
 int rc;
@@ -2664,12 +2664,14 @@
  0, NULL,
  "No worker file and no worker options in httpd.conf"
  "use JkWorkerFile to set workers");
-return;
 }
+ap_log_error(APLOG_MARK, APLOG_EMERG | APLOG_NOERRNO, 0, NULL, "Error 
in reading worker properties");
+return !OK;
 }
 
 if (jk_map_resolve_references(init_map, "worker.", 1, 1, conf->log) == 
JK_FALSE) {
-jk_error_exit(APLOG_MARK, APLOG_EMERG, s, pconf, "Error in resolving 
configuration references");
+ap_log_error(APLOG_MARK, APLOG_EMERG | APLOG_NOERRNO, 0, NULL, "Error 
in resolving configuration references");
+return !OK;
 }
 
 /* we add the URI->WORKER MAP since workers using AJP14
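Review bot: With "return;" removed from the inner block, the "No worker file and no worker options" case now falls through to the new "Error in reading worker properties" message, so one condition produces two EMERG lines and the second one is misleading when no file was configured at all. Either keep an early return with the new status in the inner block or make the second message conditional. The caller has to test init_jk's new return value for these returns to have any effect; that part of the diff is cut off here. In the context lines, the adjacent string literals "httpd.conf" and "use JkWorkerFile" concatenate without a space, unlike the apache-1.3 version.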
@@ -2684,6 +2686,7 @@
 if (wc_open(init_map, &worker_env, conf->log)) {
 ap_add_version_component(pconf, JK_EXPOSED_VERSION);
 }
+return OK;
 }
 
 static int jk_post_config(apr_pool_t * pconf,
@@ -2701,7 +2704,7 @@
   pconf)) != APR_SUCCESS) {
 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
  "mod_jk: could not create jk_log_lock");
-return HTTP_INTERNAL_SERVER_ERROR;
+return !OK;
 }
 
 #if JK_NEED_SET_MUTEX_PERMS
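Review bot: "return !OK;" replaces the named status HTTP_INTERNAL_SERVER_ERROR with the bare value 1, which tells a reader of jk_post_config nothing about why startup is being aborted. Keep a named constant for the failure return (the one being removed, or a module-level define) and use it consistently in init_jk as well.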
@@ -2710,7 +2713,7 @@
 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
  "mod_jk: Could not set permissions on "
  "jk_log_lock; check User and Group directives");
-return HTTP_INTERNAL_SERVER_ERROR;
+return !OK;
 }
 #endif
 
@@ -2728,7 +2731,7 @@
 jk_server_conf_t *sconf = (jk_server_conf_t 
*)ap_get_module_config(srv->module_config,

&jk_module);
 if (open_jklog(srv

svn commit: r511333 - /tomcat/connectors/trunk/jk/jkstatus/

2007-02-24 Thread markt
Author: markt
Date: Sat Feb 24 11:58:46 2007
New Revision: 511333

URL: http://svn.apache.org/viewvc?view=rev&rev=511333
Log:
Update ignore list

Modified:
tomcat/connectors/trunk/jk/jkstatus/   (props changed)

Propchange: tomcat/connectors/trunk/jk/jkstatus/
--
--- svn:ignore (added)
+++ svn:ignore Sat Feb 24 11:58:46 2007
@@ -0,0 +1,2 @@
+build
+dist






Re: svn commit: r511252 - in /tomcat/connectors/trunk/jk/native/iis: Makefile.amd64 Makefile.vc isapi.dsp jk_isapi_plugin.c

2007-02-24 Thread William A. Rowe, Jr.
GOOD GOD you can't be serious :)

strncat strncpy exist for a reason, C's been safe for decades if
only the correct functions are chosen :)

It would be a -1, but I don't count myself amongst the voters here.

[EMAIL PROTECTED] wrote:
> Author: mturk
> Date: Sat Feb 24 03:45:39 2007
> New Revision: 511252
> 
> URL: http://svn.apache.org/viewvc?view=rev&rev=511252
> Log:
> Use Microsoft strsafe library for string operations.
> 
> Modified:
> tomcat/connectors/trunk/jk/native/iis/Makefile.amd64
> tomcat/connectors/trunk/jk/native/iis/Makefile.vc
> tomcat/connectors/trunk/jk/native/iis/isapi.dsp
> tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c
> 
> Modified: tomcat/connectors/trunk/jk/native/iis/Makefile.amd64
> URL: 
> http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/Makefile.amd64?view=diff&rev=511252&r1=511251&r2=511252
> ==
> --- tomcat/connectors/trunk/jk/native/iis/Makefile.amd64 (original)
> +++ tomcat/connectors/trunk/jk/native/iis/Makefile.amd64 Sat Feb 24 03:45:39 
> 2007
> @@ -59,7 +59,7 @@
>  BSC32_SBRS= \
>   
>  LINK32=link.exe
> -LINK32_FLAGS=kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
> bufferoverflowu.lib /nologo /dll /incremental:no 
> /pdb:"$(OUTDIR)\isapi_redirect.pdb" /debug /machine:AMD64 /def:".\isapi.def" 
> /out:"$(OUTDIR)\isapi_redirect.dll" /implib:"$(OUTDIR)\isapi_redirect.lib" 
> +LINK32_FLAGS=kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
> bufferoverflowu.lib strsafe.lib /nologo /dll /incremental:no 
> /pdb:"$(OUTDIR)\isapi_redirect.pdb" /debug /machine:AMD64 /def:".\isapi.def" 
> /out:"$(OUTDIR)\isapi_redirect.dll" /implib:"$(OUTDIR)\isapi_redirect.lib" 
>  DEF_FILE= \
>   ".\isapi.def"
>  LINK32_OBJS= \
> 
> Modified: tomcat/connectors/trunk/jk/native/iis/Makefile.vc
> URL: 
> http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/Makefile.vc?view=diff&rev=511252&r1=511251&r2=511252
> ==
> --- tomcat/connectors/trunk/jk/native/iis/Makefile.vc (original)
> +++ tomcat/connectors/trunk/jk/native/iis/Makefile.vc Sat Feb 24 03:45:39 2007
> @@ -74,7 +74,7 @@
>  BSC32_SBRS= \
>   
>  LINK32=link.exe
> -LINK32_FLAGS=kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
> /nologo /base:"0x6A6B" /dll /incremental:no 
> /pdb:"$(OUTDIR)\isapi_redirect.pdb" /debug /machine:I386 /def:".\isapi.def" 
> /out:"$(OUTDIR)\isapi_redirect.dll" /implib:"$(OUTDIR)\isapi_redirect.lib" 
> +LINK32_FLAGS=kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
> strsafe.lib /nologo /base:"0x6A6B" /dll /incremental:no 
> /pdb:"$(OUTDIR)\isapi_redirect.pdb" /debug /machine:I386 /def:".\isapi.def" 
> /out:"$(OUTDIR)\isapi_redirect.dll" /implib:"$(OUTDIR)\isapi_redirect.lib" 
>  DEF_FILE= \
>   ".\isapi.def"
>  LINK32_OBJS= \
> 
> Modified: tomcat/connectors/trunk/jk/native/iis/isapi.dsp
> URL: 
> http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/isapi.dsp?view=diff&rev=511252&r1=511251&r2=511252
> ==
> --- tomcat/connectors/trunk/jk/native/iis/isapi.dsp (original)
> +++ tomcat/connectors/trunk/jk/native/iis/isapi.dsp Sat Feb 24 03:45:39 2007
> @@ -53,7 +53,7 @@
>  # ADD BSC32 /nologo
>  LINK32=link.exe
>  # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib 
> comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib 
> odbc32.lib odbccp32.lib /nologo /dll /machine:I386
> -# ADD LINK32 kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
> /nologo /base:"0x6A6B" /dll /debug /machine:I386 
> /out:"Release\isapi_redirect.dll"
> +# ADD LINK32 kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
> strsafe.lib /nologo /base:"0x6A6B" /dll /debug /machine:I386 
> /out:"Release\isapi_redirect.dll"
>  
>  !ELSEIF  "$(CFG)" == "isapi - Win32 Debug"
>  
> @@ -79,7 +79,7 @@
>  # ADD BSC32 /nologo
>  LINK32=link.exe
>  # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib 
> comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib 
> odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
> -# ADD LINK32 kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
> /nologo /base:"0x6A6B" /dll /incremental:no /debug /machine:I386 
> /out:"Debug\isapi_redirect.dll"
> +# ADD LINK32 kernel32.lib user32.lib advapi32.lib ws2_32.lib mswsock.lib 
> strsafe.lib /nologo /base:"0x6A6B" /dll /incremental:no /debug 
> /machine:I386 /out:"Debug\isapi_redirect.dll"
>  
>  !ENDIF 
>  
> 
> Modified: tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c
> URL: 
> http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c?view=diff&rev=511252&r1=511251&r2=511252
> ==
> --- tomcat/c

Re: svn commit: r511252 - in /tomcat/connectors/trunk/jk/native/iis: Makefile.amd64 Makefile.vc isapi.dsp jk_isapi_plugin.c

2007-02-24 Thread Mladen Turk

William A. Rowe, Jr. wrote:

> GOOD GOD you can't be serious :)
>
> strncat strncpy exist for a reason, C's been safe for decades if
> only the correct functions are chosen :)



Didn't say it's wrong or something like that,
but besides constantly fighting with hacking
and suppressing newest MS compilers' security presumptions,
I see nothing wrong with using provided SDK functions
for MS only related code.

Regards,
Mladen.
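
The two positions in this exchange, side by side, as an added example that is not code from mod_jk or from either poster: strncpy/strncat used with the size arithmetic they require, next to a portable stand-in for the StringCchCopy/StringCchCat contract (whole buffer size in, output always terminated, truncation reported). All function names, the result codes and the sample string are assumptions made for the example; the real strsafe functions are Windows-only and return HRESULT values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes for the helpers below (hypothetical names). */
enum { COPY_OK = 0, COPY_TRUNCATED = 1, COPY_BAD_ARG = 2 };

/* Constructed sample: an 8-byte buffer and a 10-character string. */
static char scratch[8];
static const char SAMPLE[] = "/web-inf/x";

/* strncpy with the destination size as the count: when strlen(src) >= size
 * no terminator is written. Returns 1 if dst ended up terminated, else 0. */
static int naive_strncpy(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) != NULL;
}

/* strncpy used correctly: copy at most size-1 bytes, terminate by hand,
 * and detect truncation with a separate length check. */
static int careful_strncpy(char *dst, size_t size, const char *src)
{
    if (dst == NULL || src == NULL || size == 0)
        return COPY_BAD_ARG;
    strncpy(dst, src, size - 1);
    dst[size - 1] = '\0';
    return strlen(src) >= size ? COPY_TRUNCATED : COPY_OK;
}

/* strncat used correctly: its count is the room left in dst after the
 * current contents and the terminator, not the total size of dst. */
static int careful_strncat(char *dst, size_t size, const char *src)
{
    const char *end;
    size_t room;
    if (dst == NULL || src == NULL || size == 0)
        return COPY_BAD_ARG;
    end = memchr(dst, '\0', size);
    if (end == NULL)
        return COPY_BAD_ARG;            /* dst is not a terminated string */
    room = size - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) > room ? COPY_TRUNCATED : COPY_OK;
}

/* Stand-in for the StringCchCopy contract: one size argument for the whole
 * buffer, output always terminated, truncation reported to the caller. */
static int cch_copy(char *dst, size_t size, const char *src)
{
    size_t i;
    if (dst == NULL || src == NULL || size == 0)
        return COPY_BAD_ARG;
    for (i = 0; i + 1 < size && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? COPY_OK : COPY_TRUNCATED;
}

/* Stand-in for the StringCchCat contract, built on cch_copy. */
static int cch_cat(char *dst, size_t size, const char *src)
{
    const char *end;
    size_t used;
    if (dst == NULL || src == NULL || size == 0)
        return COPY_BAD_ARG;
    end = memchr(dst, '\0', size);
    if (end == NULL)
        return COPY_BAD_ARG;
    used = (size_t)(end - dst);
    return cch_copy(dst + used, size - used, src);
}

int main(void)
{
    int rc;

    memset(scratch, 'X', sizeof scratch);   /* make a missing NUL visible */
    printf("naive strncpy terminated: %d\n",
           naive_strncpy(scratch, sizeof scratch, SAMPLE));

    rc = careful_strncpy(scratch, sizeof scratch, SAMPLE);
    printf("careful strncpy: rc=%d \"%s\"\n", rc, scratch);

    rc = cch_copy(scratch, sizeof scratch, "/web");
    rc = cch_cat(scratch, sizeof scratch, "-inf/x");
    printf("cch_copy + cch_cat: rc=%d \"%s\"\n", rc, scratch);

    rc = careful_strncpy(scratch, sizeof scratch, "/web");
    rc = careful_strncat(scratch, sizeof scratch, "-inf/x");
    printf("careful strncat: rc=%d \"%s\"\n", rc, scratch);
    return 0;
}
```

Both careful variants produce the same truncated, terminated buffer; the difference is that the strncpy/strncat callers must get the size arithmetic and the truncation check right at every call site.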





svn commit: r511369 - in /tomcat/site/trunk: docs/security-5.html xdocs/security-5.xml

2007-02-24 Thread markt
Author: markt
Date: Sat Feb 24 15:22:27 2007
New Revision: 511369

URL: http://svn.apache.org/viewvc?view=rev&rev=511369
Log:
Add documentation for CVE-2005-1754

Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/xdocs/security-5.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=511369&r1=511368&r2=511369
==
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Sat Feb 24 15:22:27 2007
@@ -259,6 +259,38 @@
 
 
 
+
+
+
+
+
+Not  a vulnerability in Tomcat
+
+
+
+
+
+
+
+
+
+JavaMail information disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754";>
+   CVE-2005-1754
+
+The vulnerability described is in the web application deployed on Tomcat
+   rather than in Tomcat.
+
+  
+
+
+
+
+
+
+
+
+
 
 
 

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?view=diff&rev=511369&r1=511368&r2=511369
==
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Sat Feb 24 15:22:27 2007
@@ -54,6 +54,16 @@
 Affects: 5.0.0-5.5.30, 5.5.0-5.5.12
   
 
+  
+JavaMail information disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754";>
+   CVE-2005-1754
+The vulnerability described is in the web application deployed on Tomcat
+   rather than in Tomcat.
+
+  
+
 
 
 






svn commit: r511370 - in /tomcat/site/trunk: docs/security-5.html xdocs/security-5.xml

2007-02-24 Thread markt
Author: markt
Date: Sat Feb 24 15:29:39 2007
New Revision: 511370

URL: http://svn.apache.org/viewvc?view=rev&rev=511370
Log:
Add documentation for CVE-2005-1753

Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/xdocs/security-5.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?view=diff&rev=511370&r1=511369&r2=511370
==
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Sat Feb 24 15:29:39 2007
@@ -263,8 +263,8 @@
 
 
 
-
-Not  a vulnerability in Tomcat
+
+Not a vulnerability in Tomcat
 
 
 
@@ -277,6 +277,14 @@
 JavaMail information disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754";>
CVE-2005-1754
+
+The vulnerability described is in the web application deployed on Tomcat
+   rather than in Tomcat.
+
+
+JavaMail information disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1753";>
+   CVE-2005-1753
 
 The vulnerability described is in the web application deployed on Tomcat
rather than in Tomcat.

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?view=diff&rev=511370&r1=511369&r2=511370
==
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Sat Feb 24 15:29:39 2007
@@ -54,11 +54,16 @@
 Affects: 5.0.0-5.5.30, 5.5.0-5.5.12
   
 
-  
+  
 JavaMail information disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754";>
CVE-2005-1754
+The vulnerability described is in the web application deployed on Tomcat
+   rather than in Tomcat.
+
+JavaMail information disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1753";>
+   CVE-2005-1753
 The vulnerability described is in the web application deployed on Tomcat
rather than in Tomcat.
 
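Review bot: The CVE-2005-1753 entry added here carries the same title ("JavaMail information disclosure") and the same description as the CVE-2005-1754 entry above it, so a reader cannot tell the two reports apart. Add a line to each entry saying what distinguishes it. Separately, the context line "Affects: 5.0.0-5.5.30, 5.5.0-5.5.12" lists overlapping ranges and should be checked while this file is being edited.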






svn commit: r511373 - in /tomcat/site/trunk: docs/security-3.html xdocs/security-3.xml

2007-02-24 Thread markt
Author: markt
Date: Sat Feb 24 15:44:02 2007
New Revision: 511373

URL: http://svn.apache.org/viewvc?view=rev&rev=511373
Log:
Add documentation for CVE-2005-0808

Modified:
tomcat/site/trunk/docs/security-3.html
tomcat/site/trunk/xdocs/security-3.xml

Modified: tomcat/site/trunk/docs/security-3.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=511373&r1=511372&r2=511373
==
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Sat Feb 24 15:44:02 2007
@@ -208,6 +208,43 @@
 
 
 
+
+Not fixed in Apache Tomcat 3.x
+
+
+
+
+
+
+
+
+
+important: Remote denial of service
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808";>
+   CVE-2005-0808
+
+
+Tomcat 3.x can be remotely caused to crash or shutdown by a connection
+   sending the right sequence of bytes to the AJP12 protocol port (TCP 8007
+   by default). Tomcat 3.x users are advised to ensure that this port is
+   adequately firewalled to ensure it is not accessible to remote 
attackers.
+   There are no plans to issue a an update to Tomcat 3.x for this 
issue.
+
+Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 Fixed in Apache Tomcat 3.?.?
 

Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=511373&r1=511372&r2=511373
==
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Sat Feb 24 15:44:02 2007
@@ -24,6 +24,20 @@
 
   
 
+  
+important: Remote denial of service
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808";>
+   CVE-2005-0808
+
+Tomcat 3.x can be remotely caused to crash or shutdown by a connection
+   sending the right sequence of bytes to the AJP12 protocol port (TCP 8007
+   by default). Tomcat 3.x users are advised to ensure that this port is
+   adequately firewalled to ensure it is not accessible to remote 
attackers.
+   There are no plans to issue a an update to Tomcat 3.x for this 
issue.
+
+Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2
+  
+
   
 
   
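Review bot: The added advisory text contains the typo "issue a an update" and uses "ensure" twice in one sentence ("advised to ensure that this port is adequately firewalled to ensure it is not accessible"). Suggest "issue an update" and "firewalled so that it is not accessible to remote attackers". docs/security-3.html carries the same text and needs regenerating after the fix.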






svn commit: r511398 - in /tomcat/site/trunk: docs/security-3.html xdocs/security-3.xml

2007-02-24 Thread markt
Author: markt
Date: Sat Feb 24 17:39:24 2007
New Revision: 511398

URL: http://svn.apache.org/viewvc?view=rev&rev=511398
Log:
Clean up TC3 issues and make descriptions consistent

Modified:
tomcat/site/trunk/docs/security-3.html
tomcat/site/trunk/xdocs/security-3.xml

Modified: tomcat/site/trunk/docs/security-3.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=511398&r1=511397&r2=511398
==
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Sat Feb 24 17:39:24 2007
@@ -219,7 +219,7 @@
 
 
 
-important: Remote denial of service
+important: Denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808";>
CVE-2005-0808
 
@@ -231,31 +231,6 @@
There are no plans to issue a an update to Tomcat 3.x for this 
issue.
 
 Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2
-  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Fixed in Apache Tomcat 3.?.?
-
-
-
-
-
-
-
-
-
   
 
 

Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=511398&r1=511397&r2=511398
==
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Sat Feb 24 17:39:24 2007
@@ -25,7 +25,7 @@
   
 
   
-important: Remote denial of service
+important: Denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0808";>
CVE-2005-0808
 
@@ -38,9 +38,6 @@
 Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2
   
 
-  
-
-  
 
 
 






svn commit: r511399 - in /tomcat/site/trunk: docs/security-4.html xdocs/security-4.xml

2007-02-24 Thread markt
Author: markt
Date: Sat Feb 24 17:41:29 2007
New Revision: 511399

URL: http://svn.apache.org/viewvc?view=rev&rev=511399
Log:
Add documentation for CVE-2003-0866

Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/xdocs/security-4.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?view=diff&rev=511399&r1=511398&r2=511399
==
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Sat Feb 24 17:41:29 2007
@@ -263,6 +263,41 @@
 
 
 
+
+Fixed in Apache Tomcat 4.1.0
+
+
+
+
+
+
+
+
+
+important: Denial of service
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0866";>
+   CVE-2003-0866
+
+
+A malformed HTTP request can cause the request processing thread to
+   become unresponsive. A sequence of such requests will cause all request
+   processing threads, and hence Tomcat as a whole, to become 
unresponsive.
+
+Affects: 4.0.0-4.0.6
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 Unverified
 

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?view=diff&rev=511399&r1=511398&r2=511399
==
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Sat Feb 24 17:41:29 2007
@@ -54,6 +54,18 @@
 Affects: 4.0.0-4.0.6, 4.1.0-4.1.31
   
 
+  
+important: Denial of service
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0866";>
+   CVE-2003-0866
+
+A malformed HTTP request can cause the request processing thread to
+   become unresponsive. A sequence of such requests will cause all request
+   processing threads, and hence Tomcat as a whole, to become 
unresponsive.
+
+Affects: 4.0.0-4.0.6
+  
+
   
 low: Installation path disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4703";>
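
Review bot: the description added for CVE-2003-0866 says only "A malformed HTTP request" and names neither the component that parses it nor the kind of malformation, so an administrator cannot tell from this entry whether a given deployment is exposed. Name the affected component, at the level of detail the CVE record itself gives, in the paragraph above `+Affects: 4.0.0-4.0.6`.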






svn commit: r511401 - in /tomcat/site/trunk: docs/security-3.html xdocs/security-3.xml

2007-02-24 Thread markt
Author: markt
Date: Sat Feb 24 17:58:53 2007
New Revision: 511401

URL: http://svn.apache.org/viewvc?view=rev&rev=511401
Log:
Add documentation for CVE-2003-0045

Modified:
tomcat/site/trunk/docs/security-3.html
tomcat/site/trunk/xdocs/security-3.xml

Modified: tomcat/site/trunk/docs/security-3.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=511401&r1=511400&r2=511401
==
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Sat Feb 24 17:58:53 2007
@@ -241,6 +241,42 @@
 
 
 
+
+
+
+
+
+Fixed in Apache Tomcat 3.3.1
+
+
+
+
+
+
+
+
+
+important: Denial of service
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0045";>
+   CVE-2003-0045
+
+
+JSP page names that match a Windows DOS device name, such as aux.jsp, 
may
+   cause the thread processing the request to become unresponsive. A
+   sequence of such requests may cause all request processing threads, and
+   hence Tomcat, to become unresponsive.
+
+Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3
+  
+
+
+
+
+
+
+
+
+
 
 
 
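
Review bot: the CVE-2003-0045 paragraph refers to "a Windows DOS device name" but never states that the entry applies only to Tomcat running on Windows hosts. If that is the scope, say so explicitly next to `+Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3`, so that operators on other platforms can rule the entry out without reading the CVE record.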

Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=511401&r1=511400&r2=511401
==
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Sat Feb 24 17:58:53 2007
@@ -38,6 +38,19 @@
 Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2
   
 
+  
+important: Denial of service
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0045";>
+   CVE-2003-0045
+
+JSP page names that match a Windows DOS device name, such as aux.jsp, 
may
+   cause the thread processing the request to become unresponsive. A
+   sequence of such requests may cause all request processing threads, and
+   hence Tomcat, to become unresponsive.
+
+Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3
+  
+
 
 
 
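
Review bot: "such as aux.jsp" is the only example in the CVE-2003-0045 paragraph, and the text does not say whether every reserved device name is affected or whether the match depends on case or on the .jsp extension. State the coverage in the description so that anyone writing a request filter for an unpatched 3.x install knows what the filter has to match.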






svn commit: r511406 - in /tomcat/site/trunk: docs/security-3.html xdocs/security-3.xml

2007-02-24 Thread markt
Author: markt
Date: Sat Feb 24 18:31:19 2007
New Revision: 511406

URL: http://svn.apache.org/viewvc?view=rev&rev=511406
Log:
Add documentation for CVE-2003-0044, CVE-2003-0043 and CVE-2003-0042

Modified:
tomcat/site/trunk/docs/security-3.html
tomcat/site/trunk/xdocs/security-3.xml

Modified: tomcat/site/trunk/docs/security-3.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=511406&r1=511405&r2=511406
==
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Sat Feb 24 18:31:19 2007
@@ -245,6 +245,89 @@
 
 
 
+
+Fixed in Apache Tomcat 3.3.2
+
+
+
+
+
+
+
+
+
+moderate: Cross site scripting
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0044";>
+   CVE-2003-0044
+
+
+The root web application and the examples web application contained a
+   number a cross-site scripting vulnerabilities. Note that is it
+   recommended that the examples web application is not installed on
+   production servers.
+
+Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1a
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Fixed in Apache Tomcat 3.3.1a
+
+
+
+
+
+
+
+
+
+important: Information disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0043";>
+   CVE-2003-0043
+
+
+When used with JDK 1.3.1 or earlier, web.xml files were read with
+   trusted privileges enabling files outside of the web application to be
+   read even when running under a security manager.
+
+Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1
+
+
+important: Information disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0042";>
+   CVE-2003-0042
+
+
+URLs containing null characters could result in file contents being
+   returned or a directory listing being returned even when a welcome file
+   was defined.
+
+Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 Fixed in Apache Tomcat 3.3.1
 
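
Review bot: the CVE-2003-0044 paragraph has two typos in its added lines: "number a cross-site scripting vulnerabilities" should read "number of cross-site scripting vulnerabilities", and "Note that is it recommended" should read "Note that it is recommended". The same text appears in the xdocs/security-3.xml hunk of this commit, so correct both files together.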

Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=511406&r1=511405&r2=511406
==
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Sat Feb 24 18:31:19 2007
@@ -38,6 +38,41 @@
 Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2
   
 
+  
+moderate: Cross site scripting
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0044";>
+   CVE-2003-0044
+
+The root web application and the examples web application contained a
+   number a cross-site scripting vulnerabilities. Note that is it
+   recommended that the examples web application is not installed on
+   production servers.
+
+Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1a
+  
+
+  
+important: Information disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0043";>
+   CVE-2003-0043
+
+When used with JDK 1.3.1 or earlier, web.xml files were read with
+   trusted privileges enabling files outside of the web application to be
+   read even when running under a security manager.
+
+Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1
+
+important: Information disclosure
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0042";>
+   CVE-2003-0042
+
+URLs containing null characters could result in file contents being
+   returned or a directory listing being returned even when a welcome file
+   was defined.
+
+Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1
+  
+
   
 important: Denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0045";>
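
Review bot: in the CVE-2003-0042 paragraph, "file contents being returned" does not say which files are meant, so the reader cannot judge the severity behind the "important: Information disclosure" rating; say what kind of file is returned and from where. The CVE-2003-0044 paragraph in this hunk also needs "number a" changed to "number of" and "Note that is it" changed to "Note that it is".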


