svn commit: r782559 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml
Author: markt Date: Mon Jun 8 08:39:25 2009 New Revision: 782559 URL: http://svn.apache.org/viewvc?rev=782559&view=rev Log: Update CVE-2009-0580 Modified: tomcat/site/trunk/docs/security-4.html tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/xdocs/security-4.xml tomcat/site/trunk/xdocs/security-5.xml tomcat/site/trunk/xdocs/security-6.xml Modified: tomcat/site/trunk/docs/security-4.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=782559&r1=782558&r2=782559&view=diff == --- tomcat/site/trunk/docs/security-4.html (original) +++ tomcat/site/trunk/docs/security-4.html Mon Jun 8 08:39:25 2009 @@ -298,14 +298,16 @@ Due to insufficient error checking in some authentication classes, Tomcat allows for the enumeration (brute force testing) of user names by supplying illegally URL encoded passwords. The attack is possible if FORM - based authenticiaton (j_security_check) with either the MemoryRealm, - DataSourceRealm or JDBCRealm. + based authentication (j_security_check) is used with the MemoryRealm. + Note that in early versions, the DataSourceRealm and JDBCRealm were also + affected. This was fixed in http://svn.apache.org/viewvc?rev=781382&view=rev";> revision 781382. -Affects: 4.1.0-4.1.39 +Affects: 4.1.0-4.1.39 (Memory Realm), 4.1.0-4.1.31 (JDBC Realm), +4.1.17-4.1.31 (DataSource Realm) low: Cross-site scripting Modified: tomcat/site/trunk/docs/security-5.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=782559&r1=782558&r2=782559&view=diff == --- tomcat/site/trunk/docs/security-5.html (original) +++ tomcat/site/trunk/docs/security-5.html Mon Jun 8 08:39:25 2009 
@@ -260,14 +260,16 @@ Due to insufficient error checking in some authentication classes, Tomcat allows for the enumeration (brute force testing) of user names by supplying illegally URL encoded passwords. The attack is possible if FORM - based authenticiaton (j_security_check) with either the MemoryRealm, - DataSourceRealm or JDBCRealm. + based authentication (j_security_check) is used with the MemoryRealm. + Note that in early versions, the DataSourceRealm and JDBCRealm were also + affected. This was fixed in http://svn.apache.org/viewvc?rev=781379&view=rev";> revision 781379. -Affects: 5.5.0-5.5.27 +Affects: 5.5.0-5.5.27 (Memory Realm), 5.5.0-5.5.5 (DataSource and JDBC + Realms) low: Cross-site scripting Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=782559&r1=782558&r2=782559&view=diff == --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Mon Jun 8 08:39:25 2009 @@ -261,14 +261,13 @@ Due to insufficient error checking in some authentication classes, Tomcat allows for the enumeration (brute force testing) of user names by supplying illegally URL encoded passwords. The attack is possible if FORM - based authenticiaton (j_security_check) with either the MemoryRealm, - DataSourceRealm or JDBCRealm. + based authentication (j_security_check) is used with the MemoryRealm. This was fixed in http://svn.apache.org/viewvc?rev=747840&view=rev";> revision 747840. -Affects: 6.0.0-6.0.18 +Affects: 6.0.0-6.0.18 (MemoryRealm), 6.0.0- low: Cross-site scripting Modified: tomcat/site/trunk/xdocs/security-4.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=782559&r1=782558&r2=782559&view=diff == --- tomcat/site/trunk/xdocs/security-4.xml (original) +++ tomcat/site/trunk/xdocs/security-4.xml Mon Jun 8 08:39:25 2009 
@@ -68,14 +68,16 @@ Due to insufficient error checking in some authentication classes, Tomcat allows for the enumeration (brute force testing) of user names by supplying illegally URL encoded passwords. The attack is possible if FORM - based authenticiaton (j_security_check) with either the MemoryRealm, - DataSourceRealm or JDBCRealm. + based authentication (j_security_check) is used with the MemoryRealm. + Note that in early versions, the DataSourceRealm and JDBCRealm were also + affected. This was fixed in http://svn.apache.org/viewvc?rev=781382&view=rev";> revision 781382. -Affects: 4.1.0-4.1.39 +Affects: 4.1.0-4.1.39 (Memory Realm), 4.1.0-4.1.31 (JDBC Realm), +
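Review bot: the security-6.html hunk leaves the Affects line dangling, `+Affects: 6.0.0-6.0.18 (MemoryRealm), 6.0.0-`, so the page will publish an open-ended second version range; either complete it with the DataSourceRealm/JDBCRealm range or drop the trailing `, 6.0.0-`. The realm labels are also spelled differently across the three pages (`Memory Realm`, `JDBC Realm`, `DataSource Realm` in security-4, `DataSource and JDBC Realms` in security-5, `MemoryRealm` in security-6); the description text uses the class names, so the Affects lines should too.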
DO NOT REPLY [Bug 47331] New: No translation error message when using #{...} in template text
https://issues.apache.org/bugzilla/show_bug.cgi?id=47331

Summary: No translation error message when using #{...} in template text
Product: Tomcat 6
Version: 6.0.20
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Jasper
AssignedTo: dev@tomcat.apache.org
ReportedBy: marco.guazz...@gmail.com

JSP.2.2 requires a translation error when an #{...} EL expression is used in template text. (See also Section 1.2.4 of "JavaServer Pages 2.1 Expression Language Specification".)

Tomcat 6.0.18 *erroneously* parses the expression. Tomcat 6.0.20 *rightly* does not, but it also does not issue any error as the JSP spec requires.

An example might clarify. Given the following JSP snippet:

--- [snip] ---
http://java.sun.com/JSP/Page"; xmlns:c="http://java.sun.com/jsp/jstl/core"; xmlns:f="http://java.sun.com/jsf/core"; xmlns:h="http://java.sun.com/jsf/html";> http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"/> http://www.w3.org/1999/xhtml";>
--- [/snip] ---

With Tomcat 6.0.18 I get:

--- [snip] ---
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> http://www.w3.org/1999/xhtml";> .
--- [/snip] ---

Instead with Tomcat 6.0.20:

--- [snip] ---
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> http://www.w3.org/1999/xhtml";> .
--- [/snip] ---

But neither an error nor a warning message appears in the log.

For a discussion about this see the following post on the tomcat-user ML: http://mail-archives.apache.org/mod_mbox/tomcat-users/200906.mbox/%3ca764c6280906070128j2bfdc49fvf6a0fb31d3165...@mail.gmail.com%3e and the subsequent replies.

-- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r782586 - in /tomcat/site/trunk: docs/security-6.html xdocs/security-6.xml
Author: markt Date: Mon Jun 8 10:18:35 2009 New Revision: 782586 URL: http://svn.apache.org/viewvc?rev=782586&view=rev Log: Fix bad edit Modified: tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/xdocs/security-6.xml Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=782586&r1=782585&r2=782586&view=diff == --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Mon Jun 8 10:18:35 2009 @@ -267,7 +267,7 @@ http://svn.apache.org/viewvc?rev=747840&view=rev";> revision 747840. -Affects: 6.0.0-6.0.18 (MemoryRealm), 6.0.0- +Affects: 6.0.0-6.0.18 (MemoryRealm) low: Cross-site scripting Modified: tomcat/site/trunk/xdocs/security-6.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=782586&r1=782585&r2=782586&view=diff == --- tomcat/site/trunk/xdocs/security-6.xml (original) +++ tomcat/site/trunk/xdocs/security-6.xml Mon Jun 8 10:18:35 2009 @@ -58,7 +58,7 @@ http://svn.apache.org/viewvc?rev=747840&view=rev";> revision 747840. -Affects: 6.0.0-6.0.18 (MemoryRealm), 6.0.0- +Affects: 6.0.0-6.0.18 (MemoryRealm) low: Cross-site scripting http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781";>
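Review bot: both hunks drop the dangling `, 6.0.0-` rather than completing it, which is fine if no 6.0.x release shipped the DataSourceRealm/JDBCRealm variant of CVE-2009-0580, but the 6.0 page is then the only one of the three without a word about those realms, while security-4 and security-5 carry the "in early versions, the DataSourceRealm and JDBCRealm were also affected" note; a one-line statement that only the MemoryRealm is affected in 6.0.x would keep the pages consistent.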
svn commit: r782599 - /tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Author: markt Date: Mon Jun 8 12:12:05 2009 New Revision: 782599 URL: http://svn.apache.org/viewvc?rev=782599&view=rev Log: Fix a couple of typos Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=782599&r1=782598&r2=782599&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Jun 8 12:12:05 2009 @@ -287,7 +287,7 @@ match with the appBase dir. (markt) -39396: Don't include TRACEE in OPTIONS response unless we +39396: Don't include TRACE in OPTIONS response unless we know it hasn't been disabled in the connector. (markt) @@ -608,7 +608,7 @@ -36923: Treat EL expressions as template text is EL +36923: Treat EL expressions as template text if EL expressions are disabled. (markt)
DO NOT REPLY [Bug 47318] Tomcat 6.0.20 does not include imports from included JSP
https://issues.apache.org/bugzilla/show_bug.cgi?id=47318

--- Comment #6 from Tim Funk 2009-06-08 06:07:38 PST ---
Created an attachment (id=23775) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23775)
webapp with tag files fails

The same war file as previously attached, with the new use case where tag files fail. Now fails with:

javax.servlet.error.exception: java.lang.RuntimeException: org.apache.jasper.JasperException: ... <%@ page directive cannot be used in a tag file
svn commit: r782612 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: funkman Date: Mon Jun 8 13:09:47 2009 New Revision: 782612 URL: http://svn.apache.org/viewvc?rev=782612&view=rev Log: vote Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=782612&r1=782611&r2=782612&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Jun 8 13:09:47 2009 @@ -159,4 +159,5 @@ Process include preludes and codas for directivesOnly as well as full pages http://svn.apache.org/viewvc?rev=782166&view=rev +1: markt, kkolinko - -1: + -1: new regression - see bug for new test case +
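Review bot: the `-1:` line in this STATUS hunk records the objection but not the voter, while the `+1: markt, kkolinko` line above it lists names; STATUS votes are tallied by name, so it should read `-1: funkman (new regression - see bug for new test case)`, and "see bug" should cite the bug number so the proposer does not have to guess which report carries the test case. The hunk also adds a blank `+` line at the end, which will show up as trailing-whitespace noise in the next diff.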
DO NOT REPLY [Bug 46381] Coerce EL expression to java.lang.Object breaks expression concatenation
https://issues.apache.org/bugzilla/show_bug.cgi?id=46381

Alfred Staflinger changed:
What|Removed|Added
Status|RESOLVED|REOPENED
CC||alfred.staflin...@infoniqa.com
Resolution|FIXED|
Severity|normal|critical

--- Comment #4 from Alfred Staflinger 2009-06-08 07:14:09 PST ---
Dear Tomcat Developers,

when I have a JSP page with this tag/expression... ... and "companyHeader" evaluates to null, the output in Tomcat 6.0.18 is " " (which is correct), but the output in Tomcat 6.0.20 is "null " (which is not correct).

I think that many JSP developers are affected by this bug and I hope that a new Tomcat version containing a bug fix will be released as soon as possible.

Best Regards
Alfred
found very old feature request ...
All,

while I was just looking at BZ I found a very old feature request for NetWare: https://issues.apache.org/bugzilla/show_bug.cgi?id=8441

What do you think? These 3 files are those we use for start/stop of TC ...; maybe we can add these files to TC 4/5, or are there any objections?

Then another question: the path issue in Novell's JVM was not fixed as we expected (Mark hacked up a sample to recreate and confirm the problem some time ago), and I think it would probably make sense to add a hint in the RUNNING file of TC 4/5, in the troubleshooting section, that NetWare users need to downgrade Ant to version 1.5, probably something like:

Since Tomcat 4.1.36 / 5.0.3x / 5.5.x? Tomcat ships with Ant 1.7, which turned out to have path issues on the NetWare platform due to a bug in the NetWare JVM. The bug was reported to Novell, but has not been fixed so far. NetWare users therefore need to downgrade to Ant 1.5, which is known to work properly on NetWare; it seems sufficient to copy the ./common/lib/ant.jar file from an older Tomcat over to the new Tomcat version.

greets, Gün.
svn commit: r782751 - /tomcat/trunk/modules/jdbc-pool/sign.sh
Author: fhanik Date: Mon Jun 8 19:53:39 2009 New Revision: 782751 URL: http://svn.apache.org/viewvc?rev=782751&view=rev Log: Create for bash Modified: tomcat/trunk/modules/jdbc-pool/sign.sh Modified: tomcat/trunk/modules/jdbc-pool/sign.sh URL: http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/sign.sh?rev=782751&r1=782750&r2=782751&view=diff == --- tomcat/trunk/modules/jdbc-pool/sign.sh (original) +++ tomcat/trunk/modules/jdbc-pool/sign.sh Mon Jun 8 19:53:39 2009 @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with
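Review bot: the log message `Create for bash` does not say which bash-only constructs the script needs, and the shebang is the only visible change; if the script really relies on bash, `#!/usr/bin/env bash` is the portable spelling, since bash is not at `/bin/bash` on the BSDs that release managers also sign from, and if it does not, keeping `#!/bin/sh` and staying POSIX is the smaller change. For a release-signing script the interpreter choice is worth a sentence in the log either way.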
svn propchange: r734734 - svn:log
Author: markt Revision: 734734 Modified property: svn:log Modified: svn:log at Mon Jun 8 19:59:39 2009 -- --- svn:log (original) +++ svn:log Mon Jun 8 19:59:39 2009 @@ -1,3 +1,4 @@ -Remove 3 of the essentially 4 duplicate normalise implementations. -Minor tweaks where required to use the new single implementation. +Remove 3 of the essentially 4 duplicate normalise implementations. +Minor tweaks where required to use the new single implementation. Remove unnecessary normalisation calls. +This includes the fix for CVE-2008-5515.
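Review bot: the first two log lines appear as both removed and re-added with no visible textual change, so this property edit also rewrote whitespace or line endings on them; when annotating an old log message, append only the new line so the property diff shows the one real change. Adding `This includes the fix for CVE-2008-5515.` to r734734 is the right call, since that is the revision the security page and the advisory send 6.0.x users to.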
svn commit: r782757 - in /tomcat/container/tc5.5.x/catalina/src/share/org/apache: catalina/connector/ catalina/core/ catalina/servlets/ catalina/ssi/ catalina/util/ naming/resources/
Author: markt Date: Mon Jun 8 20:04:29 2009 New Revision: 782757 URL: http://svn.apache.org/viewvc?rev=782757&view=rev Log: Port normalisation clean-up. Includes fix for CVE-2008-5515 Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/Request.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/core/ApplicationContext.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/ssi/SSIServletExternalResolver.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/ssi/SSIServletRequestUtil.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/util/RequestUtil.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/Request.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/Request.java?rev=782757&r1=782756&r2=782757&view=diff == --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/Request.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/Request.java Mon Jun 8 20:04:29 2009 
@@ -1243,10 +1243,9 @@ int pos = requestPath.lastIndexOf('/'); String relative = null; if (pos >= 0) { -relative = RequestUtil.normalize -(requestPath.substring(0, pos + 1) + path); +relative = requestPath.substring(0, pos + 1) + path; } else { -relative = RequestUtil.normalize(requestPath + path); +relative = requestPath + path; } return (context.getServletContext().getRequestDispatcher(relative)); Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/core/ApplicationContext.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/core/ApplicationContext.java?rev=782757&r1=782756&r2=782757&view=diff == --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/core/ApplicationContext.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/core/ApplicationContext.java Mon Jun 8 20:04:29 2009 @@ -43,6 +43,7 @@ import org.apache.catalina.Wrapper; import org.apache.catalina.deploy.ApplicationParameter; import org.apache.catalina.util.Enumerator; +import org.apache.catalina.util.RequestUtil; import org.apache.catalina.util.ResourceSet; import org.apache.catalina.util.ServerInfo; import org.apache.catalina.util.StringManager; @@ -388,7 +389,7 @@ path = path.substring(0, pos); } -path = normalize(path); +path = RequestUtil.normalize(path); if (path == null) return (null); @@ -475,7 +476,7 @@ throw new MalformedURLException(sm.getString("applicationContext.requestDispatcher.iae", path)); } -path = normalize(path); +path = RequestUtil.normalize(path); if (path == null) return (null); @@ -524,10 +525,13 @@ */ public InputStream getResourceAsStream(String path) { -path = normalize(path); if (path == null || !path.startsWith("/")) return (null); +path = RequestUtil.normalize(path); +if (path == null) +return null; + DirContext resources = context.getResources(); if (resources != null) { try { 
@@ -560,7 +564,7 @@ (sm.getString("applicationContext.resourcePaths.iae", path)); } -path = normalize(path); +path = RequestUtil.normalize(path); if (path == null) return (null); @@ -870,45 +874,6 @@ /** - * Return a context-relative path, beginning with a "/", that represents - * the canonical version of the specified path after ".." and "." elements - * are resolved out. If the specified path attempts to go outside the - * boundaries of the current context (i.e. too many ".." path elements - * are present), return null instead. - * - * @param path Path to be normalized - */ -private String normalize(String path) { - -if (path == null) { -return null; -} - -String normalized = path; - -// Normalize the slashes -if (normalized.indexOf('\\') >= 0) -normalized = normalized.replace('\\', '/'); - -// Resolve occurrences of "/../" in the normalized path -while (true) { -int
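Review bot: the Request.java hunk stops normalising the relative target in getRequestDispatcher and passes the raw `requestPath.substring(0, pos + 1) + path` straight to `context.getServletContext().getRequestDispatcher(relative)`, so the whole CVE-2008-5515 fix now rests on ApplicationContext.getRequestDispatcher cutting the query string (`path = path.substring(0, pos);`) before its new `RequestUtil.normalize(path)` call; the @@ -388,7 +389,7 @@ hunk shows that order, but a one-line comment at the removed call in Request.java saying normalisation is deliberately deferred would stop someone re-adding it and reopening the hole. The getResourceAsStream hunk also moves the `!path.startsWith("/")` test ahead of normalisation, which is the right order because a normaliser that prepends a missing `/` would otherwise let a relative `WEB-INF/web.xml` through a check the Servlet spec says must reject it; worth a word in the log since it changes behaviour for callers passing relative paths.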
svn commit: r782762 - /tomcat/tags/JDBC_POOL_1_0_3/
Author: fhanik Date: Mon Jun 8 20:14:28 2009 New Revision: 782762 URL: http://svn.apache.org/viewvc?rev=782762&view=rev Log: A tag that we can vote on, I dropped the ball on the previous one Added: tomcat/tags/JDBC_POOL_1_0_3/ (props changed) - copied from r782760, tomcat/trunk/modules/jdbc-pool/ Propchange: tomcat/tags/JDBC_POOL_1_0_3/ -- svn:mergeinfo = /tomcat/tc6.0.x/trunk/modules/jdbc-pool:742915
svn commit: r782763 - in /tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache: catalina/connector/ catalina/core/ catalina/servlets/ catalina/ssi/ catalina/util/ naming/resources/
Author: markt Date: Mon Jun 8 20:14:37 2009 New Revision: 782763 URL: http://svn.apache.org/viewvc?rev=782763&view=rev Log: Port normalisation clean-up. Includes fix for CVE-2008-5515 Modified: tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/core/ApplicationContext.java tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/ssi/SSIServletExternalResolver.java tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/ssi/SSIServletRequestUtil.java tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/util/RequestUtil.java tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java Modified: tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java?rev=782763&r1=782762&r2=782763&view=diff == --- tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java (original) +++ tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java Mon Jun 8 20:14:37 2009 
@@ -759,10 +759,9 @@ String relative = null; if (pos >= 0) { -relative = RequestUtil.normalize -(requestPath.substring(0, pos + 1) + path); +relative = requestPath.substring(0, pos + 1) + path; } else { -relative = RequestUtil.normalize(requestPath + path); +relative = requestPath + path; } return (context.getServletContext().getRequestDispatcher(relative)); Modified: tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/core/ApplicationContext.java URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/core/ApplicationContext.java?rev=782763&r1=782762&r2=782763&view=diff == --- tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/core/ApplicationContext.java (original) +++ tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/core/ApplicationContext.java Mon Jun 8 20:14:37 2009 @@ -50,6 +50,7 @@ import org.apache.catalina.Wrapper; import org.apache.catalina.deploy.ApplicationParameter; import org.apache.catalina.util.Enumerator; +import org.apache.catalina.util.RequestUtil; import org.apache.catalina.util.ResourceSet; import org.apache.catalina.util.ServerInfo; import org.apache.catalina.util.StringManager; @@ -590,7 +591,7 @@ path = path.substring(0, question); } -path = normalize(path); +path = RequestUtil.normalize(path); if (path == null) return (null); @@ -645,7 +646,7 @@ public URL getResource(String path) throws MalformedURLException { -path = normalize(path); +path = RequestUtil.normalize(path); if (path == null) return (null); @@ -689,7 +690,7 @@ */ public InputStream getResourceAsStream(String path) { -path = normalize(path); +path = RequestUtil.normalize(path); if (path == null) return (null); 
@@ -1045,42 +1046,6 @@ // Private Methods - -/** - * Return a context-relative path, beginning with a "/", that represents - * the canonical version of the specified path after ".." and "." elements - * are resolved out. If the specified path attempts to go outside the - * boundaries of the current context (i.e. too many ".." path elements - * are present), return null instead. - * - * @param path Path to be normalized - */ -private String normalize(String path) { - - String normalized = path; - - // Normalize the slashes and add leading slash if necessary - if (normalized.indexOf('\\') >= 0) - normalized = normalized.replace('\\', '/'); - - // Resolve occurrences of "/../" in the normalized path - while (true) { - int index = normalized.indexOf("/../"); - if (index < 0) - break; - if (index == 0) - return (null); // Trying to go outside our context - int
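Review bot: the ApplicationContext.getResourceAsStream hunk here only swaps `normalize(path)` for `RequestUtil.normalize(path)`, whereas the 5.5.x port in r782757 also moved the `path.startsWith("/")` check ahead of normalisation; the private normalize being removed documents itself as "add leading slash if necessary", so if 4.1.x has no leading-slash check elsewhere in that method it has been accepting relative paths and will go on doing so, and the two ports should be brought in line. The HttpRequestBase.getRequestDispatcher hunk mirrors the 5.5.x change and is correct only because the `path = path.substring(0, question);` query-string strip in ApplicationContext.getRequestDispatcher now precedes `RequestUtil.normalize(path)` (the @@ -590,7 +591,7 @@ hunk); that dependency deserves a comment at the removed call.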
svn commit: r782764 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml
Author: markt Date: Mon Jun 8 20:18:40 2009 New Revision: 782764 URL: http://svn.apache.org/viewvc?rev=782764&view=rev Log: Add CVE-2008-5515. Modified: tomcat/site/trunk/docs/security-4.html tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/xdocs/security-4.xml tomcat/site/trunk/xdocs/security-5.xml tomcat/site/trunk/xdocs/security-6.xml Modified: tomcat/site/trunk/docs/security-4.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=782764&r1=782763&r2=782764&view=diff == --- tomcat/site/trunk/docs/security-4.html (original) +++ tomcat/site/trunk/docs/security-4.html Mon Jun 8 20:18:40 2009 @@ -271,6 +271,24 @@ +Important: Information Disclosure + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5515";> + CVE-2009-5515 + + +When using a RequestDispatcher obtained from the Request, the target path + was normalised before the query string was removed. A request that + included a specially crafted request parameter could be used to access + content that would otherwise be protected by a security constraint or by + locating it in under the WEB-INF directory. + +This was fixed in + http://svn.apache.org/viewvc?rev=782763&view=rev";> + revision 782763. + +Affects: 4.1.0-4.1.39 + + Important: Denial of Service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033";> CVE-2009-0033 Modified: tomcat/site/trunk/docs/security-5.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=782764&r1=782763&r2=782764&view=diff == --- tomcat/site/trunk/docs/security-5.html (original) +++ tomcat/site/trunk/docs/security-5.html Mon Jun 8 20:18:40 2009 
@@ -233,6 +233,24 @@ +Important: Information Disclosure + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5515";> + CVE-2009-5515 + + +When using a RequestDispatcher obtained from the Request, the target path + was normalised before the query string was removed. A request that + included a specially crafted request parameter could be used to access + content that would otherwise be protected by a security constraint or by + locating it in under the WEB-INF directory. + +This was fixed in + http://svn.apache.org/viewvc?rev=782757&view=rev";> + revision 782757. + +Affects: 5.5.0-5.5.27 + + Important: Denial of Service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033";> CVE-2009-0033 Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=782764&r1=782763&r2=782764&view=diff == --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Mon Jun 8 20:18:40 2009 @@ -234,6 +234,24 @@ +Important: Information Disclosure + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5515";> + CVE-2009-5515 + + +When using a RequestDispatcher obtained from the Request, the target path + was normalised before the query string was removed. A request that + included a specially crafted request parameter could be used to access + content that would otherwise be protected by a security constraint or by + locating it in under the WEB-INF directory. + +This was fixed in + http://svn.apache.org/viewvc?rev=734734&view=rev";> + revision 734734. + +Affects: 6.0.0-6.0.18 + + Important: Denial of Service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033";> CVE-2009-0033 
@@ -267,7 +285,7 @@ http://svn.apache.org/viewvc?rev=747840&view=rev";> revision 747840. -Affects: 6.0.0-6.0.18 (MemoryRealm) +Affects: 6.0.0-6.0.18 low: Cross-site scripting Modified: tomcat/site/trunk/xdocs/security-4.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=782764&r1=782763&r2=782764&view=diff == --- tomcat/site/trunk/xdocs/security-4.xml (original) +++ tomcat/site/trunk/xdocs/security-4.xml Mon Jun 8 20:18:40 2009 @@ -44,6 +44,22 @@ +Important: Information Disclosure + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5515";> + CVE-2009-5515 + +When using a RequestDispatcher obtained from the Request, the target path + was normalised before the query string was removed. A request that + included a specially crafted request parameter could be used to access + content that would otherwise be protected by a security constraint or by + locating it in und
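Review bot: every hunk links and labels the new entry as `CVE-2009-5515` (`cvename.cgi?name=CVE-2009-5515`), but the log message, the r734734 log annotation and the advisory all call it CVE-2008-5515; the MITRE link will resolve to the wrong or a non-existent record, so fix the identifier in both the href and the link text in all six files. While there, `locating it in under the WEB-INF directory` should read `locating it under the WEB-INF directory`.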
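Review bot: the security-6.html hunk at `@@ -267,7 +285,7 @@` replaces `Affects: 6.0.0-6.0.18 (MemoryRealm)` with `Affects: 6.0.0-6.0.18`, reverting the realm qualifier that r782586 added to the CVE-2009-0580 entry earlier the same day; nothing in the log message (`Add CVE-2008-5515.`) covers it, so this looks like a stale working copy and the qualifier should be restored.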
svn commit: r782770 - /tomcat/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java
Author: markt Date: Mon Jun 8 20:25:34 2009 New Revision: 782770 URL: http://svn.apache.org/viewvc?rev=782770&view=rev Log: Remove a deprecated method Modified: tomcat/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java Modified: tomcat/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java?rev=782770&r1=782769&r2=782770&view=diff == --- tomcat/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java (original) +++ tomcat/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java Mon Jun 8 20:25:34 2009 @@ -50,22 +50,4 @@ return RequestUtil.normalize(result); } - -/** - * Return a context-relative path, beginning with a "/", that represents - * the canonical version of the specified path after ".." and "." elements - * are resolved out. If the specified path attempts to go outside the - * boundaries of the current context (i.e. too many ".." path elements are - * present), return null instead. This normalize should be - * the same as DefaultServlet.normalize, which is almost the same ( see - * source code below ) as RequestUtil.normalize. Do we need all this - * duplication? - * - * @param path - *Path to be normalized - * @deprecated - */ -public static String normalize(String path) { -return RequestUtil.normalize(path); -} } \ No newline at end of file
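Review bot: the hunk ends with `} \ No newline at end of file`; add the trailing newline so the closing brace does not show as a spurious change in the next diff. Removing the wrapper itself is safe as far as the visible lines go, since its only body was a delegation to `RequestUtil.normalize(path)`, but the class is public and the method was public static, so any external SSI code still calling `SSIServletRequestUtil.normalize` breaks at compile time; that is acceptable for a deprecated method in trunk but worth a changelog line.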
DO NOT REPLY [Bug 42536] The procedure entry point getaddrinfo could not be located in WS2_32.dll
https://issues.apache.org/bugzilla/show_bug.cgi?id=42536

--- Comment #3 from Petr 2009-06-08 13:47:08 PST ---
The same occurs now with tcnative-1.dll 1.1.16 on Windows 2000, perhaps due to the fixes for bug 43327.
[VOTE] Release JDBC Pool module v1.0.3
The release is located here: http://people.apache.org/~fhanik/jdbc-pool/v1.0.3/ [ ] STABLE - I couldn't find any bugs [ ] BETA - I found some bugs but not critical [ ] BROKEN - I found some show stoppers Any comments ? Thanks, Filip
svn commit: r782791 - in /tomcat/trunk: java/org/apache/catalina/core/StandardHost.java webapps/docs/config/host.xml
Author: markt Date: Mon Jun 8 21:29:27 2009 New Revision: 782791 URL: http://svn.apache.org/viewvc?rev=782791&view=rev Log: Use a more sensible default. Patch suggested by Ian Darwin. Modified: tomcat/trunk/java/org/apache/catalina/core/StandardHost.java tomcat/trunk/webapps/docs/config/host.xml Modified: tomcat/trunk/java/org/apache/catalina/core/StandardHost.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardHost.java?rev=782791&r1=782790&r2=782791&view=diff == --- tomcat/trunk/java/org/apache/catalina/core/StandardHost.java (original) +++ tomcat/trunk/java/org/apache/catalina/core/StandardHost.java Mon Jun 8 21:29:27 2009 @@ -79,7 +79,7 @@ /** * The application root for this Host. */ -private String appBase = "."; +private String appBase = "webapps"; /** * The XML root for this Host. Modified: tomcat/trunk/webapps/docs/config/host.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/host.xml?rev=782791&r1=782790&r2=782791&view=diff == --- tomcat/trunk/webapps/docs/config/host.xml (original) +++ tomcat/trunk/webapps/docs/config/host.xml Mon Jun 8 21:29:27 2009 @@ -83,7 +83,8 @@ to the $CATALINA_BASE directory. See Automatic Application Deployment for more information on automatic recognition and -deployment of web applications to be deployed automatically. +deployment of web applications to be deployed automatically. If not +specified, the default of webapps will be used.
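Review bot: the StandardHost.java hunk changes a long-standing default, so a Host element written without an appBase now deploys from `$CATALINA_BASE/webapps` instead of `$CATALINA_BASE` itself; that needs a changelog entry, and the host.xml hunk should say that the default `webapps` is resolved relative to `$CATALINA_BASE` like any other relative appBase, since the preceding sentence is the only place that rule is stated. The sentence the hunk appends to, `... on automatic recognition and deployment of web applications to be deployed automatically.`, repeats itself and could be trimmed to `... on automatic deployment of web applications.` in the same edit.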
svn commit: r782794 - in /tomcat: current/tc5.5.x/STATUS.txt tc6.0.x/trunk/STATUS.txt
Author: markt Date: Mon Jun 8 21:35:33 2009 New Revision: 782794 URL: http://svn.apache.org/viewvc?rev=782794&view=rev Log: Propose patch Modified: tomcat/current/tc5.5.x/STATUS.txt tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=782794&r1=782793&r2=782794&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Mon Jun 8 21:35:33 2009 @@ -140,3 +140,9 @@ https://issues.apache.org/bugzilla/attachment.cgi?id=23764 +1: markt, kkolinko -1: + +* Use a more senaible default for appBase + http://svn.apache.org/viewvc?rev=782791&view=rev + Patch by Ian Darwin + +1: markt + -1: Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=782794&r1=782793&r2=782794&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Jun 8 21:35:33 2009 @@ -161,3 +161,8 @@ +1: markt, kkolinko -1: new regression - see bug for new test case +* Use a more senaible default for appBase + http://svn.apache.org/viewvc?rev=782791&view=rev + Patch by Ian Darwin + +1: markt + -1:
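Review bot: both STATUS hunks carry the typo `senaible` in `* Use a more senaible default for appBase`; these entries are copied into changelogs and vote threads, so fix it to `sensible` before others add their votes. The proposal should also say that the change alters the deployed directory for a Host with no explicit appBase, so voters on the 5.5.x and 6.0.x branches can judge the compatibility impact rather than just the trunk revision link.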
[SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2008-5515: Apache Tomcat information disclosure vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Tomcat 4.1.0 to 4.1.39
Tomcat 5.5.0 to 5.5.27
Tomcat 6.0.0 to 6.0.18
The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may also be affected

Description:
When using a RequestDispatcher obtained from the Request, the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it under the WEB-INF directory.

Mitigation:
6.0.x users should upgrade to 6.0.20 or apply this patch:
http://svn.apache.org/viewvc?view=rev&revision=734734
5.5.x users should upgrade to 5.5.28 when released or apply this patch:
http://svn.apache.org/viewvc?view=rev&revision=782757
4.1.x users should upgrade to 4.1.40 when released or apply this patch:
http://svn.apache.org/viewvc?view=rev&revision=782763

Example:
For a page that contains:
<% request.getRequestDispatcher( "bar.jsp?somepar=someval&par=" + request.getParameter( "blah" ) ).forward( request, response ); %>
an attacker can use:
http://host/page.jsp?blah=/../WEB-INF/web.xml

Credit:
This issue was discovered by Iida Minehiko, Fujitsu Limited

References:
http://tomcat.apache.org/security.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkotiBQACgkQb7IeiTPGAkMi6QCgnlzEt/7byUJo2YXGHMLj2ckH
rF8AoK8dmpZcxd5pV9VvEaPqm4xhXJPO
=bDV5
-----END PGP SIGNATURE-----
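The ordering bug the advisory describes, reduced to the two string operations involved. This is an added example and not Tomcat's code: normalize() is a Python re-implementation of the ".."-resolving loop documented in the private ApplicationContext.normalize method that r782757 and r782763 delete (with the trailing "/.." case added), and the two dispatcher functions replay the pre-fix order (normalise the whole target, then strip the query string) and the post-fix order (strip the query string, then normalise). The page names page.jsp, bar.jsp and the blah parameter; the function names, the WEB-INF check and the assumption that RequestUtil.normalize treats these inputs the same way are mine. Python rather than Java because the point is the order of two operations, not container internals.

```python
"""Added example, not Tomcat code: CVE-2008-5515's ordering bug in miniature."""

from typing import Optional

# Content the container refuses to serve on a direct request (my check,
# not the container's).
PROTECTED_PREFIXES = ("/WEB-INF/", "/META-INF/")


def normalize(path: Optional[str]) -> Optional[str]:
    """Resolve '.', '..' and duplicate slashes in a context-relative path.

    Returns None when the path tries to climb above the context root.
    Modelled on the private normalize() removed from ApplicationContext in
    r782757/r782763; assumed equivalent to RequestUtil.normalize for these
    inputs.
    """
    if path is None:
        return None
    normalized = path.replace("\\", "/")
    if not normalized.startswith("/"):
        normalized = "/" + normalized
    # A trailing "/." or "/.." is a segment too; give it a closing slash.
    if normalized.endswith("/.") or normalized.endswith("/.."):
        normalized += "/"
    while "//" in normalized:
        normalized = normalized.replace("//", "/")
    while "/./" in normalized:
        normalized = normalized.replace("/./", "/", 1)
    while True:
        index = normalized.find("/../")
        if index < 0:
            break
        if index == 0:
            return None  # ".." at the root: attempt to leave the context
        parent = normalized.rfind("/", 0, index)  # start of the segment to drop
        normalized = normalized[:parent] + normalized[index + 3:]
    return normalized


def strip_query(path: str) -> str:
    """Drop everything from the first '?' on, as ApplicationContext does."""
    q = path.find("?")
    return path if q < 0 else path[:q]


def resolve_relative(request_uri: str, target: str) -> str:
    """A relative dispatcher target is resolved against the caller's directory
    (the substring(0, pos + 1) + path logic in Request.getRequestDispatcher)."""
    pos = request_uri.rfind("/")
    return request_uri[: pos + 1] + target if pos >= 0 else request_uri + target


def dispatcher_target_before_fix(request_uri: str, target: str) -> Optional[str]:
    """Pre-fix order: Request normalised the full string, query string and all,
    and only afterwards did the context strip the query and normalise again."""
    relative = normalize(resolve_relative(request_uri, target))
    if relative is None:
        return None
    return normalize(strip_query(relative))


def dispatcher_target_after_fix(request_uri: str, target: str) -> Optional[str]:
    """Post-fix order: strip the query string first, then normalise."""
    return normalize(strip_query(resolve_relative(request_uri, target)))


def is_protected(path: Optional[str]) -> bool:
    """True when the forward would land on content hidden from direct requests."""
    return path is not None and path.upper().startswith(PROTECTED_PREFIXES)


def forward_target(blah: str, fixed: bool) -> Optional[str]:
    """Where the advisory's page.jsp forwards to for a given ?blah= value."""
    target = "bar.jsp?somepar=someval&par=" + blah
    resolver = dispatcher_target_after_fix if fixed else dispatcher_target_before_fix
    return resolver("/page.jsp", target)


if __name__ == "__main__":
    attacker_value = "/../WEB-INF/web.xml"  # the value from the advisory
    for fixed in (False, True):
        t = forward_target(attacker_value, fixed)
        label = "after fix " if fixed else "before fix"
        print(f"{label}: forward to {t!r}, protected={is_protected(t)}")
```

Before the fix the `/../` inside the query string eats the `bar.jsp?somepar=someval&par=` segment in front of it and the forward lands on `/WEB-INF/web.xml`; after the fix the query string is gone before `..` is interpreted and the forward stays on `/bar.jsp`. A `..` placed in the path proper (`../../WEB-INF/web.xml`) is rejected by normalize() in both orders, which is why the bug needed the parameter trick.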