Re: svn commit: r661653 - /tomcat/connectors/trunk/jni/xdocs/miscellaneous/changelog.xml
[EMAIL PROTECTED] wrote:
> Author: mturk
> Date: Fri May 30 04:25:04 2008
> New Revision: 661653
> URL: http://svn.apache.org/viewvc?rev=661653&view=rev
> Log: Add note to changelog about BZ45071
> Modified: tomcat/connectors/trunk/jni/xdocs/miscellaneous/changelog.xml

Thanks I missed the file name in my previous mails ;-(

Cheers
Jean-Frederic

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r660175 - in /tomcat/connectors/trunk/jni: CHANGELOG.txt native/src/poll.c
Mladen Turk wrote:
> jean-frederic clere wrote:
>> [EMAIL PROTECTED] wrote:
>>> Author: mturk
>>> Date: Mon May 26 05:42:11 2008
>>> New Revision: 660175
>>> URL: http://svn.apache.org/viewvc?rev=660175&view=rev
>>> Log: Fix 45071 by updating ttl for signaled but not removed sockets
>>> Modified: tomcat/connectors/trunk/jni/CHANGELOG.txt
>> Please could you put the information in jk/xdocs/miscellaneous/changelog.xml? (CHANGELOG.txt is a generated file).
> Are you sure?
> svn cat $SVNBASE/${JKJNIEXT}/jni/CHANGELOG.txt > ${JKJNIDIST}/CHANGELOG.txt
> Again this is not mod_jk where this is auto generated from html

Right I missed the file while copy + paste: jni/xdocs/miscellaneous/changelog.xml is the file where the explanation about the fix should go. Sorry.

Cheers
Jean-Frederic

> Regards
DO NOT REPLY [Bug 45108] JSPX source containing "&" renders "&" in output page
https://issues.apache.org/bugzilla/show_bug.cgi?id=45108

Julian Reschke <[EMAIL PROTECTED]> changed:

What | Removed | Added
CC | | [EMAIL PROTECTED]

-- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
DO NOT REPLY [Bug 45108] JSPX source containing "&" renders "&" in output page
https://issues.apache.org/bugzilla/show_bug.cgi?id=45108

--- Comment #4 from Julian Reschke <[EMAIL PROTECTED]> 2008-06-02 05:09:28 PST ---

Ampersands in content need to be escaped, both in HTML and XML. This isn't even a validity, but an XML-wellformedness error.
DO NOT REPLY [Bug 45102] IllegalStateException getting HttpSession from HttpServletRequest
https://issues.apache.org/bugzilla/show_bug.cgi?id=45102

Mark Thomas <[EMAIL PROTECTED]> changed:

What | Removed | Added
Status | NEW | NEEDINFO

--- Comment #1 from Mark Thomas <[EMAIL PROTECTED]> 2008-06-02 11:18:51 PST ---

To get this exception:
a) you must request a session
b) you must be using cookies for session ID
c) the response must already be committed

c) is the one I would look at. Are you sure getSession() is the first thing you call?

Given you are using the invoker servlet it is likely that the error you are seeing is a side-effect of this. There are lots of reasons for getting rid of the invoker servlet (see http://wiki.apache.org/tomcat/FAQ/Miscellaneous#Q2). I suggest removing the invoker servlet and seeing if the error is fixed.
DO NOT REPLY [Bug 45108] JSPX source containing "&" renders "&" in output page
https://issues.apache.org/bugzilla/show_bug.cgi?id=45108

Simon Gibbs <[EMAIL PROTECTED]> changed:

What | Removed | Added
Status | RESOLVED | REOPENED
Resolution | INVALID |

--- Comment #5 from Simon Gibbs <[EMAIL PROTECTED]> 2008-06-02 13:18:20 PST ---

I agree with William Barker that the input aspect is probably fine, however, I'd like to reopen this bug for further consideration, in particular, is the output from the process correctly handled?
svn commit: r662582 - /tomcat/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
Author: markt Date: Mon Jun 2 14:41:28 2008 New Revision: 662582 URL: http://svn.apache.org/viewvc?rev=662582&view=rev Log: Fix potential XSS in host-manager. This is CVE-2008-1947. Modified: tomcat/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java Modified: tomcat/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java?rev=662582&r1=662581&r2=662582&view=diff == --- tomcat/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java (original) +++ tomcat/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java Mon Jun 2 14:41:28 2008 @@ -21,6 +21,7 @@ import java.io.IOException; import java.io.PrintWriter; import java.io.StringWriter; +import java.net.URLEncoder; import java.text.MessageFormat; import java.util.Iterator; import java.util.Map; @@ -278,17 +279,20 @@ args = new Object[7]; args[0] = response.encodeURL (request.getContextPath() + - "/html/start?name=" + hostName); + "/html/start?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[1] = hostsStart; args[2] = response.encodeURL (request.getContextPath() + - "/html/stop?name=" + hostName); + "/html/stop?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[3] = hostsStop; args[4] = response.encodeURL (request.getContextPath() + - "/html/remove?name=" + hostName); + "/html/remove?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[5] = hostsRemove; -args[6] = hostName; +args[6] = RequestUtil.filter(hostName); if (host == this.host) { writer.print(MessageFormat.format( MANAGER_HOST_ROW_BUTTON_SECTION, args)); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
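Review bot: `RequestUtil.filter(hostName)` on the `args[6]` line depends on a class that the import hunk does not add; only `java.net.URLEncoder` is imported there, so confirm `RequestUtil` is already imported in this file or add it in the same commit. In the same hunk, `URLEncoder.encode(hostName, "UTF-8")` throws the checked `UnsupportedEncodingException`; that is an `IOException` subclass, so the three calls compile only if the enclosing method already declares `IOException`, which the visible context does not show and is worth checking before the backports.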
svn commit: r662583 - /tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java
Author: markt Date: Mon Jun 2 14:41:36 2008 New Revision: 662583 URL: http://svn.apache.org/viewvc?rev=662583&view=rev Log: Fix potential XSS in host-manager. This is CVE-2008-1947. Modified: tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java Modified: tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java?rev=662583&r1=662582&r2=662583&view=diff == --- tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java (original) +++ tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java Mon Jun 2 14:41:36 2008 @@ -21,6 +21,7 @@ import java.io.IOException; import java.io.PrintWriter; import java.io.StringWriter; +import java.net.URLEncoder; import java.text.MessageFormat; import java.util.Iterator; import java.util.Map; @@ -276,17 +277,20 @@ args = new Object[7]; args[0] = response.encodeURL (request.getContextPath() + - "/html/start?name=" + hostName); + "/html/start?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[1] = hostsStart; args[2] = response.encodeURL (request.getContextPath() + - "/html/stop?name=" + hostName); + "/html/stop?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[3] = hostsStop; args[4] = response.encodeURL (request.getContextPath() + - "/html/remove?name=" + hostName); + "/html/remove?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[5] = hostsRemove; -args[6] = hostName; +args[6] = RequestUtil.filter(hostName); if (host == this.host) { writer.print(MessageFormat.format( MANAGER_HOST_ROW_BUTTON_SECTION, args)); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
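Review bot: in the second hunk, `URLEncoder.encode(hostName, "UTF-8")` is evaluated three times with the same argument for the start, stop and remove links. Encoding once into a local before `args = new Object[7]` and reusing it for `args[0]`, `args[2]` and `args[4]` would shorten the hunk and make it harder for a later edit to leave one of the three links unencoded.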
svn commit: r662584 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml
Author: markt Date: Mon Jun 2 14:42:03 2008 New Revision: 662584 URL: http://svn.apache.org/viewvc?rev=662584&view=rev Log: Document potential XSS in host-manager. This is CVE-2008-1947. Modified: tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/xdocs/security-5.xml tomcat/site/trunk/xdocs/security-6.xml Modified: tomcat/site/trunk/docs/security-5.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=662584&r1=662583&r2=662584&view=diff == --- tomcat/site/trunk/docs/security-5.html (original) +++ tomcat/site/trunk/docs/security-5.html Mon Jun 2 14:42:03 2008 @@ -222,6 +222,43 @@ + +Fixed in Apache Tomcat 5.5.SVN + + + + + + + + + +low: Cross-site scripting + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947";> + CVE-2008-1947 + + +The Host Manager web application did not escape user provided data before + including it in the output. This enabled a XSS attack. This application + now filters the data before use. This issue may be mitigated by logging + out (closing the browser) of the application once the management tasks + have been completed. + +Affects: 5.5.9-5.5.26 + + + + + + + + + + + + + + Fixed in Apache Tomcat 5.5.26 @@ -331,7 +368,7 @@ The Manager and Host Manager web applications did not escape user provided data before including it in the output. This enabled a XSS - attack. These applciations now filter the data before use. This issue may + attack. These applications now filter the data before use. This issue may be mitigated by logging out (closing the browser) of the application once the management tasks have been completed. Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=662584&r1=662583&r2=662584&view=diff == --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Mon Jun 2 14:42:03 2008 
@@ -216,6 +216,43 @@ + +Fixed in Apache Tomcat 6.0.SVN + + + + + + + + + +low: Cross-site scripting + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947";> + CVE-2008-1947 + + +The Host Manager web application did not escape user provided data before + including it in the output. This enabled a XSS attack. This application + now filters the data before use. This issue may be mitigated by logging + out (closing the browser) of the application once the management tasks + have been completed. + +Affects: 6.0.0-6.0.16 + + + + + + + + + + + + + + Fixed in Apache Tomcat 6.0.16 @@ -339,7 +376,7 @@ The Manager and Host Manager web applications did not escape user provided data before including it in the output. This enabled a XSS - attack. These applciations now filter the data before use. This issue may + attack. These applications now filter the data before use. This issue may be mitigated by logging out (closing the browser) of the application once the management tasks have been completed. Modified: tomcat/site/trunk/xdocs/security-5.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=662584&r1=662583&r2=662584&view=diff == --- tomcat/site/trunk/xdocs/security-5.xml (original) +++ tomcat/site/trunk/xdocs/security-5.xml Mon Jun 2 14:42:03 2008 @@ -28,6 +28,20 @@ + +low: Cross-site scripting + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947";> + CVE-2008-1947 + +The Host Manager web application did not escape user provided data before + including it in the output. This enabled a XSS attack. This application + now filters the data before use. This issue may be mitigated by logging + out (closing the browser) of the application once the management tasks + have been completed. + +Affects: 5.5.9-5.5.26 + + low: Session hi-jacking http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333";> 
@@ -95,7 +109,7 @@ The Manager and Host Manager web applications did not escape user provided data before including it in the output. This enabled a XSS - attack. These applciations now filter the data before use. This issue may + attack. These applications now filter the data before use. This issue may be mitigated by logging out (closing the browser) of the application once the management tasks have been completed. Modified: tomcat/site/trunk/xdocs/security-6.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=662584&r1=662583&r2=662584&view=diff =
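Review bot: the added CVE-2008-1947 entries repeat "This enabled a XSS attack" from the older entry; since this commit already corrects "applciations" in that older paragraph, change the article to "an XSS attack" in both the new and the existing text in the same pass. The new entry also says only "user provided data", which is the same wording as the earlier Manager and Host Manager entry it now sits beside, so naming the affected value would let readers tell the two issues apart.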
svn commit: r662585 - /tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
Author: markt Date: Mon Jun 2 14:44:22 2008 New Revision: 662585 URL: http://svn.apache.org/viewvc?rev=662585&view=rev Log: Fix potential XSS in host-manager. This is CVE-2008-1947. Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java?rev=662585&r1=662584&r2=662585&view=diff == --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java Mon Jun 2 14:44:22 2008 @@ -21,6 +21,7 @@ import java.io.IOException; import java.io.PrintWriter; import java.io.StringWriter; +import java.net.URLEncoder; import java.text.MessageFormat; import java.util.Iterator; import java.util.Map; @@ -278,17 +279,20 @@ args = new Object[7]; args[0] = response.encodeURL (request.getContextPath() + - "/html/start?name=" + hostName); + "/html/start?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[1] = hostsStart; args[2] = response.encodeURL (request.getContextPath() + - "/html/stop?name=" + hostName); + "/html/stop?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[3] = hostsStop; args[4] = response.encodeURL (request.getContextPath() + - "/html/remove?name=" + hostName); + "/html/remove?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[5] = hostsRemove; -args[6] = hostName; +args[6] = RequestUtil.filter(hostName); if (host == this.host) { writer.print(MessageFormat.format( MANAGER_HOST_ROW_BUTTON_SECTION, args)); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
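Review bot: the second hunk now applies two different encoders to the same `hostName`, URL encoding for `args[0]`, `args[2]` and `args[4]` and `RequestUtil.filter` for `args[6]`, with no comment saying why. A one-line comment above `args = new Object[7]` stating that the first three values are query-string parameters and the last is HTML text would document the intent and help anyone adding a new column pick the right encoder.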
[SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
CVE-2008-1947: Tomcat host-manager XSS vulnerability

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Tomcat 5.5.9 to 5.5.26
Tomcat 6.0.0 to 6.0.16

This issue has been fixed in the source repositories for each version and will be included in 5.5.27 and 6.0.17. It is anticipated that these versions will be released shortly.

Description:
The user supplied hostname attribute is not filtered before being included in the output.

Mitigation:
Do not visit untrusted sites whilst logged in to the host-manager application and log out (close the browser) once finished with the host-manager.

Example:
Assume that, after logging in, the victim was led to the malicious web server with the following file installed.
http://localhost:8080/host-manager/html/add"; method="get"> ~ ~ ~

Credit:
These issues were discovered by Petr Splichal of RedHat.

References:
http://tomcat.apache.org/security.html

Mark Thomas
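The unfiltered hostname described in the advisory ends up in two output contexts, a link query string and HTML text, and each needs its own encoding. The following is an added example, not code from the Tomcat project: the row template and `filterHtml` are hypothetical stand-ins for the servlet's markup and HTML filter, and the host name is a constructed sample.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.text.MessageFormat;

public class HostRowEncodingDemo {

    // Hypothetical row template, a simplified stand-in for the servlet's markup.
    static final String ROW =
        "<td><a href=\"{0}\">Remove</a></td><td>{1}</td>";

    // Stand-in HTML filter (assumption): escape the four characters that
    // change meaning in HTML text and in quoted attribute values.
    static String filterHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    // Before: the same raw string is placed in the link and in the cell text.
    static String rowUnescaped(String hostName) {
        return MessageFormat.format(ROW,
            "/host-manager/html/remove?name=" + hostName, hostName);
    }

    // After: URL-encode for the query string, HTML-escape for the cell text.
    static String rowEscaped(String hostName) throws UnsupportedEncodingException {
        String link = "/host-manager/html/remove?name="
            + URLEncoder.encode(hostName, "UTF-8");
        return MessageFormat.format(ROW, link, filterHtml(hostName));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value carrying markup and URL metacharacters.
        String hostName = "a\"><i>x</i>&b=c";
        System.out.println("before: " + rowUnescaped(hostName));
        System.out.println("after:  " + rowEscaped(hostName));
    }
}
```

In the "before" row the quote and angle brackets in the sample close the `href` attribute and start new elements; in the "after" row the link carries only percent-encoded characters and the cell shows the name as literal text.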
DO NOT REPLY [Bug 43327] Socket bind fails on tomcat startup when using apr
https://issues.apache.org/bugzilla/show_bug.cgi?id=43327

Siegmund Gorr <[EMAIL PROTECTED]> changed:

What | Removed | Added
CC | | [EMAIL PROTECTED]

--- Comment #10 from Siegmund Gorr <[EMAIL PROTECTED]> 2008-06-02 23:02:54 PST ---

Hi,

I could add another target environment with same problems, except that no SSL is being used.

Linux openSUSE-103-64-minimal 2.6.22.9-0.4-default #1 SMP 2007/10/05 21:32:04 UTC x86_64 x86_64 x86_64 GNU/Linux
Tomcat 6.0.14

It is pretty frightening that a server help tool like jsvc prevents this lib from working. It looks that the design and integration of jsvc or APR has some side effects. I could not recommend any further production use of this combination.