Author: markt
Date: Thu Jan 5 15:11:49 2017
New Revision: 1777473

URL: http://svn.apache.org/viewvc?rev=1777473&view=rev
Log:
Update information for CVE-2016-8745 8.0.x, 7.0.x and 6.0.x also affected

Modified: tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html tomcat/site/trunk/xdocs/security-6.xml tomcat/site/trunk/xdocs/security-7.xml tomcat/site/trunk/xdocs/security-8.xml tomcat/site/trunk/xdocs/security-9.xml Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1777473&r1=1777472&r2=1777473&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Thu Jan 5 15:11:49 2017 @@ -219,6 +219,9 @@ <a href="#Apache_Tomcat_6.x_vulnerabilities">Apache Tomcat 6.x vulnerabilities</a> </li> <li> +<a href="#Fixed_in_Apache_Tomcat_6.0.49">Fixed in Apache Tomcat 6.0.49</a> +</li> +<li> <a href="#Fixed_in_Apache_Tomcat_6.0.48">Fixed in Apache Tomcat 6.0.48</a> </li> <li> 
@@ -337,6 +340,36 @@ </div> +<h3 id="Fixed_in_Apache_Tomcat_6.0.49"> +<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 6.0.49</h3> +<div class="text"> + + +<p> +<strong>Important: Information Disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745" rel="nofollow">CVE-2016-8745</a> +</p> + + +<p>A bug in the error handling of the send file code for the NIO HTTP + connector resulted in the current Processor object being added to the + Processor cache multiple times. This in turn meant that the same + Processor could be used for concurrent requests. Sharing a Processor can + result in information leakage between requests including, not not limited + to, session ID and the response body.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1777472">1777472</a>.</p> + + +<p>This issue was identified as affecting 6.0.x by the Apache Tomcat Security + Team on 3 January 2016 and made public on 5 January 207.</p> + + +<p>Affects: 6.0.16 to 6.0.48</p> + + +</div> <h3 id="Fixed_in_Apache_Tomcat_6.0.48"> <span style="float: right;">15 November 2016</span> Fixed in Apache Tomcat 6.0.48</h3> <div class="text"> Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1777473&r1=1777472&r2=1777473&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Thu Jan 5 15:11:49 2017 @@ -219,6 +219,9 @@ <a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a> </li> <li> +<a href="#Fixed_in_Apache_Tomcat_7.0.74">Fixed in Apache Tomcat 7.0.74</a> +</li> +<li> <a href="#Fixed_in_Apache_Tomcat_7.0.73">Fixed in Apache Tomcat 7.0.73</a> </li> <li> 
@@ -363,6 +366,36 @@ </div> +<h3 id="Fixed_in_Apache_Tomcat_7.0.74"> +<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 7.0.74</h3> +<div class="text"> + + +<p> +<strong>Important: Information Disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745" rel="nofollow">CVE-2016-8745</a> +</p> + + +<p>A bug in the error handling of the send file code for the NIO HTTP + connector resulted in the current Processor object being added to the + Processor cache multiple times. This in turn meant that the same + Processor could be used for concurrent requests. Sharing a Processor can + result in information leakage between requests including, not not limited + to, session ID and the response body.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1777471">1777471</a>.</p> + + +<p>This issue was identified as affecting 7.0.x by the Apache Tomcat Security + Team on 3 January 2016 and made public on 5 January 207.</p> + + +<p>Affects: 7.0.0 to 7.0.73</p> + + +</div> <h3 id="Fixed_in_Apache_Tomcat_7.0.73"> <span style="float: right;">14 November 2016</span> Fixed in Apache Tomcat 7.0.73</h3> <div class="text"> Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1777473&r1=1777472&r2=1777473&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-8.html (original) +++ tomcat/site/trunk/docs/security-8.html Thu Jan 5 15:11:49 2017 @@ -219,6 +219,9 @@ <a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x vulnerabilities</a> </li> <li> +<a href="#Fixed_in_Apache_Tomcat_8.0.40">Fixed in Apache Tomcat 8.0.40</a> +</li> +<li> <a href="#Fixed_in_Apache_Tomcat_8.5.9">Fixed in Apache Tomcat 8.5.9</a> </li> <li> 
@@ -315,6 +318,36 @@ </div> +<h3 id="Fixed_in_Apache_Tomcat_8.0.40"> +<span style="float: right;">not yet released</span> Fixed in Apache Tomcat 8.0.40</h3> +<div class="text"> + + +<p> +<strong>Important: Information Disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745" rel="nofollow">CVE-2016-8745</a> +</p> + + +<p>A bug in the error handling of the send file code for the NIO HTTP + connector resulted in the current Processor object being added to the + Processor cache multiple times. This in turn meant that the same + Processor could be used for concurrent requests. Sharing a Processor can + result in information leakage between requests including, not not limited + to, session ID and the response body.</p> + + +<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1777469">1777469</a>.</p> + + +<p>This issue was identified as affecting 8.0.x by the Apache Tomcat Security + Team on 3 January 2016 and made public on 5 January 207.</p> + + +<p>Affects: 8.0.0.RC1 to 8.0.39</p> + + +</div> <h3 id="Fixed_in_Apache_Tomcat_8.5.9"> <span style="float: right;">8 December 2016</span> Fixed in Apache Tomcat 8.5.9</h3> <div class="text"> 
@@ -326,14 +359,12 @@ </p> -<p>The refactoring of the Connector code for 8.5.x onwards introduced a - regression in the error handling of the send file code for the NIO HTTP - connector. An error during send file processing resulted in the current - Processor object being added to the Processor cache multiple times. This - in turn meant that the same Processor could be used for concurrent - requests. Sharing a Processor can result in information leakage between - requests including, not not limited to, session ID and the response body. - </p> +<p>A bug in the error handling of the send file code for the NIO HTTP + connector resulted in the current Processor object being added to the + Processor cache multiple times. This in turn meant that the same + Processor could be used for concurrent requests. Sharing a Processor can + result in information leakage between requests including, not not limited + to, session ID and the response body.</p> <p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1771857">1771857</a>.</p> Modified: tomcat/site/trunk/docs/security-9.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1777473&r1=1777472&r2=1777473&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-9.html (original) +++ tomcat/site/trunk/docs/security-9.html Thu Jan 5 15:11:49 2017 
@@ -302,14 +302,12 @@ </p> -<p>The refactoring of the Connector code for 8.5.x onwards introduced a - regression in the error handling of the send file code for the NIO HTTP - connector. An error during send file processing resulted in the current - Processor object being added to the Processor cache multiple times. This - in turn meant that the same Processor could be used for concurrent - requests. Sharing a Processor can result in information leakage between - requests including, not not limited to, session ID and the response body. - </p> +<p>A bug in the error handling of the send file code for the NIO HTTP + connector resulted in the current Processor object being added to the + Processor cache multiple times. This in turn meant that the same + Processor could be used for concurrent requests. Sharing a Processor can + result in information leakage between requests including, not not limited + to, session ID and the response body.</p> <p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1771853">1771853</a>.</p> Modified: tomcat/site/trunk/xdocs/security-6.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1777473&r1=1777472&r2=1777473&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-6.xml (original) +++ tomcat/site/trunk/xdocs/security-6.xml Thu Jan 5 15:11:49 2017 
@@ -48,6 +48,27 @@ </section> + <section name="Fixed in Apache Tomcat 6.0.49" rtext="not yet released"> + + <p><strong>Important: Information Disclosure</strong> + <cve>CVE-2016-8745</cve></p> + + <p>A bug in the error handling of the send file code for the NIO HTTP + connector resulted in the current Processor object being added to the + Processor cache multiple times. This in turn meant that the same + Processor could be used for concurrent requests. Sharing a Processor can + result in information leakage between requests including, not not limited + to, session ID and the response body.</p> + + <p>This was fixed in revision <revlink rev="1777472">1777472</revlink>.</p> + + <p>This issue was identified as affecting 6.0.x by the Apache Tomcat Security + Team on 3 January 2016 and made public on 5 January 207.</p> + + <p>Affects: 6.0.16 to 6.0.48</p> + + </section> + <section name="Fixed in Apache Tomcat 6.0.48" rtext="15 November 2016"> <p><strong>Important: Remote Code Execution</strong> Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1777473&r1=1777472&r2=1777473&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Thu Jan 5 15:11:49 2017 
@@ -50,6 +50,27 @@ </section> + <section name="Fixed in Apache Tomcat 7.0.74" rtext="not yet released"> + + <p><strong>Important: Information Disclosure</strong> + <cve>CVE-2016-8745</cve></p> + + <p>A bug in the error handling of the send file code for the NIO HTTP + connector resulted in the current Processor object being added to the + Processor cache multiple times. This in turn meant that the same + Processor could be used for concurrent requests. Sharing a Processor can + result in information leakage between requests including, not not limited + to, session ID and the response body.</p> + + <p>This was fixed in revision <revlink rev="1777471">1777471</revlink>.</p> + + <p>This issue was identified as affecting 7.0.x by the Apache Tomcat Security + Team on 3 January 2016 and made public on 5 January 207.</p> + + <p>Affects: 7.0.0 to 7.0.73</p> + + </section> + <section name="Fixed in Apache Tomcat 7.0.73" rtext="14 November 2016"> <p><strong>Important: Remote Code Execution</strong> Modified: tomcat/site/trunk/xdocs/security-8.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1777473&r1=1777472&r2=1777473&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-8.xml (original) +++ tomcat/site/trunk/xdocs/security-8.xml Thu Jan 5 15:11:49 2017 
@@ -50,19 +50,38 @@ </section> + <section name="Fixed in Apache Tomcat 8.0.40" rtext="not yet released"> + + <p><strong>Important: Information Disclosure</strong> + <cve>CVE-2016-8745</cve></p> + + <p>A bug in the error handling of the send file code for the NIO HTTP + connector resulted in the current Processor object being added to the + Processor cache multiple times. This in turn meant that the same + Processor could be used for concurrent requests. Sharing a Processor can + result in information leakage between requests including, not not limited + to, session ID and the response body.</p> + + <p>This was fixed in revision <revlink rev="1777469">1777469</revlink>.</p> + + <p>This issue was identified as affecting 8.0.x by the Apache Tomcat Security + Team on 3 January 2016 and made public on 5 January 207.</p> + + <p>Affects: 8.0.0.RC1 to 8.0.39</p> + + </section> + <section name="Fixed in Apache Tomcat 8.5.9" rtext="8 December 2016"> <p><strong>Important: Information Disclosure</strong> <cve>CVE-2016-8745</cve></p> - <p>The refactoring of the Connector code for 8.5.x onwards introduced a - regression in the error handling of the send file code for the NIO HTTP - connector. An error during send file processing resulted in the current - Processor object being added to the Processor cache multiple times. This - in turn meant that the same Processor could be used for concurrent - requests. Sharing a Processor can result in information leakage between - requests including, not not limited to, session ID and the response body. - </p> + <p>A bug in the error handling of the send file code for the NIO HTTP + connector resulted in the current Processor object being added to the + Processor cache multiple times. This in turn meant that the same + Processor could be used for concurrent requests. 
Sharing a Processor can + result in information leakage between requests including, not not limited + to, session ID and the response body.</p> <p>This was fixed in revision <revlink rev="1771857">1771857</revlink>.</p> Modified: tomcat/site/trunk/xdocs/security-9.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1777473&r1=1777472&r2=1777473&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-9.xml (original) +++ tomcat/site/trunk/xdocs/security-9.xml Thu Jan 5 15:11:49 2017 @@ -61,14 +61,12 @@ <p><strong>Important: Information Disclosure</strong> <cve>CVE-2016-8745</cve></p> - <p>The refactoring of the Connector code for 8.5.x onwards introduced a - regression in the error handling of the send file code for the NIO HTTP - connector. An error during send file processing resulted in the current - Processor object being added to the Processor cache multiple times. This - in turn meant that the same Processor could be used for concurrent - requests. Sharing a Processor can result in information leakage between - requests including, not not limited to, session ID and the response body. - </p> + <p>A bug in the error handling of the send file code for the NIO HTTP + connector resulted in the current Processor object being added to the + Processor cache multiple times. This in turn meant that the same + Processor could be used for concurrent requests. Sharing a Processor can + result in information leakage between requests including, not not limited + to, session ID and the response body.</p> <p>This was fixed in revision <revlink rev="1771853">1771853</revlink>.</p> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
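
Review bot: the disclosure dates in the new 6.0.49 section of xdocs/security-6.xml (hunk @@ -48,6 +48,27 @@) look wrong. "made public on 5 January 207" is missing a digit, and "identified as affecting 6.0.x ... on 3 January 2016" predates both this commit (5 January 2017) and the 8 December 2016 date shown on the 8.5.9 entry, so it was presumably meant to read 2017; please confirm against the security team's records. The same two dates are repeated in the 7.0.74 and 8.0.40 sections and in the docs/security-6.html, docs/security-7.html and docs/security-8.html copies, so each needs the same correction.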
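
Review bot: in the xdocs/security-8.xml hunk @@ -50,19 +50,38 @@ the 8.5.9 paragraph is rewritten but still carries the doubled word in "including, not not limited to, session ID and the response body". Since the line is being replaced anyway, change it to "but not limited to". The phrase was copied into every paragraph this commit adds or rewrites (6.0.49, 7.0.74, 8.0.40, 8.5.9 and the security-9 entry, in both xdocs/ and docs/), so fix it in each.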
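
Review bot: the new sections are published with rtext="not yet released" (6.0.49, 7.0.74 and 8.0.40; see the xdocs/security-7.xml hunk @@ -50,6 +50,27 @@) and give only a revision link, so a reader running a version in the "Affects:" range has no released fix and no interim guidance. If the security team has a recommended mitigation for the NIO HTTP connector send file path, add a sentence for it after the "This was fixed in revision" paragraph. Otherwise say explicitly that the fix is available only from the linked revision until the release ships.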