Author: markt
Date: Thu Aug 10 22:01:13 2017
New Revision: 1804734
URL: http://svn.apache.org/viewvc?rev=1804734&view=rev
Log:
Add info for:
- CVE-2017-7674
- CVE-2017-7675
Modified:
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-7.xml
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml
Modified: tomcat/site/trunk/docs/security-7.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1804734&r1=1804733&r2=1804734&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Thu Aug 10 22:01:13 2017
@@ -210,6 +210,9 @@
<a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x
vulnerabilities</a>
</li>
<li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.79">Fixed in Apache Tomcat 7.0.79</a>
+</li>
+<li>
<a href="#Fixed_in_Apache_Tomcat_7.0.78">Fixed in Apache Tomcat 7.0.78</a>
</li>
<li>
@@ -366,6 +369,34 @@
</div>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.79">
+<span style="float: right;">1 July 2017</span> Fixed in Apache Tomcat
7.0.79</h3>
+<div class="text">
+
+
+<p>
+<strong>Moderate: Cache Poisoning</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7674"
rel="nofollow">CVE-2017-7674</a>
+</p>
+
+
+<p>The CORS Filter did not an HTTP Vary header indicating that the response
+ varies depending on Origin. This permitted client and server side cache
+ poisoning in some circumstances.</p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1795816">1795816</a>.</p>
+
+
+<p>The issue was reported as bug <a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61101">61101</a> on 16 May
2017. The full
+ implications of this issue were identified by the Tomcat Security Team
+ the same day. This issue was made public on 10 August 2017.</p>
+
+
+<p>Affects: 7.0.41 to 7.0.78</p>
+
+
+</div>
<h3 id="Fixed_in_Apache_Tomcat_7.0.78">
<span style="float: right;">16 May 2017</span> Fixed in Apache Tomcat
7.0.78</h3>
<div class="text">
Modified: tomcat/site/trunk/docs/security-8.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1804734&r1=1804733&r2=1804734&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Thu Aug 10 22:01:13 2017
@@ -210,6 +210,12 @@
<a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x
vulnerabilities</a>
</li>
<li>
+<a href="#Fixed_in_Apache_Tomcat_8.0.45">Fixed in Apache Tomcat 8.0.45</a>
+</li>
+<li>
+<a href="#Fixed_in_Apache_Tomcat_8.5.16">Fixed in Apache Tomcat 8.5.16</a>
+</li>
+<li>
<a href="#Fixed_in_Apache_Tomcat_8.0.44">Fixed in Apache Tomcat 8.0.44</a>
</li>
<li>
@@ -330,6 +336,85 @@
</div>
+<h3 id="Fixed_in_Apache_Tomcat_8.0.45">
+<span style="float: right;">1 July 2017</span> Fixed in Apache Tomcat
8.0.45</h3>
+<div class="text">
+
+
+<p>
+<strong>Moderate: Cache Poisoning</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7674"
rel="nofollow">CVE-2017-7674</a>
+</p>
+
+
+<p>The CORS Filter did not an HTTP Vary header indicating that the response
+ varies depending on Origin. This permitted client and server side cache
+ poisoning in some circumstances.</p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1795815">1795815</a>.</p>
+
+
+<p>The issue was reported as bug <a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61101">61101</a> on 16 May
2017. The full
+ implications of this issue were identified by the Tomcat Security Team
+ the same day. This issue was made public on 10 August 2017.</p>
+
+
+<p>Affects: 8.0.0.RC1 to 8.0.44</p>
+
+
+</div>
+<h3 id="Fixed_in_Apache_Tomcat_8.5.16">
+<span style="float: right;">26 June 2017</span> Fixed in Apache Tomcat
8.5.16</h3>
+<div class="text">
+
+
+<p>
+<strong>Important: Security Constraint Bypass</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7675"
rel="nofollow">CVE-2017-7675</a>
+</p>
+
+
+<p>The HTTP/2 implementation bypassed a number of security checks that
+ prevented directory traversal attacks. It was therefore possible to
+ bypass security constraints using an specially crafted URL.</p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1796091">1796091</a>.</p>
+
+
+<p>The issue was originally reported as a failure to process URL path
+ parameters in bug <a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61120">61120</a> on 24 May
2017. The full implications
+ of this issue were identified by the Tomcat Security Team the same day.
+ This issue was made public on 10 August 2017.</p>
+
+
+<p>Affects: 8.5.0 to 8.5.15</p>
+
+
+<p>
+<strong>Moderate: Cache Poisoning</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7674"
rel="nofollow">CVE-2017-7674</a>
+</p>
+
+
+<p>The CORS Filter did not an HTTP Vary header indicating that the response
+ varies depending on Origin. This permitted client and server side cache
+ poisoning in some circumstances.</p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1795814">1795814</a>.</p>
+
+
+<p>The issue was reported as bug <a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61101">61101</a> on 16 May
2017. The full
+ implications of this issue were identified by the Tomcat Security Team
+ the same day. This issue was made public on 10 August 2017.</p>
+
+
+<p>Affects: 8.5.0 to 8.5.15</p>
+
+
+</div>
<h3 id="Fixed_in_Apache_Tomcat_8.0.44">
<span style="float: right;">16 May 2017</span> Fixed in Apache Tomcat
8.0.44</h3>
<div class="text">
Modified: tomcat/site/trunk/docs/security-9.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1804734&r1=1804733&r2=1804734&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Thu Aug 10 22:01:13 2017
@@ -210,6 +210,9 @@
<a href="#Apache_Tomcat_9.x_vulnerabilities">Apache Tomcat 9.x
vulnerabilities</a>
</li>
<li>
+<a href="#Fixed_in_Apache_Tomcat_9.0.0.M22">Fixed in Apache Tomcat
9.0.0.M22</a>
+</li>
+<li>
<a href="#Fixed_in_Apache_Tomcat_9.0.0.M21">Fixed in Apache Tomcat
9.0.0.M21</a>
</li>
<li>
@@ -285,6 +288,57 @@
</div>
+<h3 id="Fixed_in_Apache_Tomcat_9.0.0.M22">
+<span style="float: right;">26 June 2017</span> Fixed in Apache Tomcat
9.0.0.M22</h3>
+<div class="text">
+
+
+<p>
+<strong>Important: Security Constraint Bypass</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7675"
rel="nofollow">CVE-2017-7675</a>
+</p>
+
+
+<p>The HTTP/2 implementation bypassed a number of security checks that
+ prevented directory traversal attacks. It was therefore possible to
+ bypass security constraints using an specially crafted URL.</p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1796090">1796090</a>.</p>
+
+
+<p>The issue was originally reported as a failure to process URL path
+ parameters in bug <a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61120">61120</a> on 24 May
2017. The full implications
+ of this issue were identified by the Tomcat Security Team the same day.
+ This issue was made public on 10 August 2017.</p>
+
+
+<p>Affects: 9.0.0.M1 to 9.0.0.M21</p>
+
+
+<p>
+<strong>Moderate: Cache Poisoning</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7674"
rel="nofollow">CVE-2017-7674</a>
+</p>
+
+
+<p>The CORS Filter did not an HTTP Vary header indicating that the response
+ varies depending on Origin. This permitted client and server side cache
+ poisoning in some circumstances.</p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1795813">1795813</a>.</p>
+
+
+<p>The issue was reported as bug <a
href="https://bz.apache.org/bugzilla/show_bug.cgi?id=61101">61101</a> on 16 May
2017. The full
+ implications of this issue were identified by the Tomcat Security Team
+ the same day. This issue was made public on 10 August 2017.</p>
+
+
+<p>Affects: 9.0.0.M1 to 9.0.0.M21</p>
+
+
+</div>
<h3 id="Fixed_in_Apache_Tomcat_9.0.0.M21">
<span style="float: right;">10 May 2017</span> Fixed in Apache Tomcat
9.0.0.M21</h3>
<div class="text">
Modified: tomcat/site/trunk/xdocs/security-7.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1804734&r1=1804733&r2=1804734&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Thu Aug 10 22:01:13 2017
@@ -50,6 +50,25 @@
</section>
+ <section name="Fixed in Apache Tomcat 7.0.79" rtext="1 July 2017">
+
+ <p><strong>Moderate: Cache Poisoning</strong>
+ <cve>CVE-2017-7674</cve></p>
+
+ <p>The CORS Filter did not an HTTP Vary header indicating that the response
+ varies depending on Origin. This permitted client and server side cache
+ poisoning in some circumstances.</p>
+
+ <p>This was fixed in revision <revlink rev="1795816">1795816</revlink>.</p>
+
+ <p>The issue was reported as bug <bug>61101</bug> on 16 May 2017. The full
+ implications of this issue were identified by the Tomcat Security Team
+ the same day. This issue was made public on 10 August 2017.</p>
+
+ <p>Affects: 7.0.41 to 7.0.78</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 7.0.78" rtext="16 May 2017">
<p><strong>Important: Security Constraint Bypass</strong>
Modified: tomcat/site/trunk/xdocs/security-8.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1804734&r1=1804733&r2=1804734&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Thu Aug 10 22:01:13 2017
@@ -50,6 +50,60 @@
</section>
+ <section name="Fixed in Apache Tomcat 8.0.45" rtext="1 July 2017">
+
+ <p><strong>Moderate: Cache Poisoning</strong>
+ <cve>CVE-2017-7674</cve></p>
+
+ <p>The CORS Filter did not an HTTP Vary header indicating that the response
+ varies depending on Origin. This permitted client and server side cache
+ poisoning in some circumstances.</p>
+
+ <p>This was fixed in revision <revlink rev="1795815">1795815</revlink>.</p>
+
+ <p>The issue was reported as bug <bug>61101</bug> on 16 May 2017. The full
+ implications of this issue were identified by the Tomcat Security Team
+ the same day. This issue was made public on 10 August 2017.</p>
+
+ <p>Affects: 8.0.0.RC1 to 8.0.44</p>
+
+ </section>
+
+ <section name="Fixed in Apache Tomcat 8.5.16" rtext="26 June 2017">
+
+ <p><strong>Important: Security Constraint Bypass</strong>
+ <cve>CVE-2017-7675</cve></p>
+
+ <p>The HTTP/2 implementation bypassed a number of security checks that
+ prevented directory traversal attacks. It was therefore possible to
+ bypass security constraints using an specially crafted URL.</p>
+
+ <p>This was fixed in revision <revlink rev="1796091">1796091</revlink>.</p>
+
+ <p>The issue was originally reported as a failure to process URL path
+ parameters in bug <bug>61120</bug> on 24 May 2017. The full implications
+ of this issue were identified by the Tomcat Security Team the same day.
+ This issue was made public on 10 August 2017.</p>
+
+ <p>Affects: 8.5.0 to 8.5.15</p>
+
+ <p><strong>Moderate: Cache Poisoning</strong>
+ <cve>CVE-2017-7674</cve></p>
+
+ <p>The CORS Filter did not an HTTP Vary header indicating that the response
+ varies depending on Origin. This permitted client and server side cache
+ poisoning in some circumstances.</p>
+
+ <p>This was fixed in revision <revlink rev="1795814">1795814</revlink>.</p>
+
+ <p>The issue was reported as bug <bug>61101</bug> on 16 May 2017. The full
+ implications of this issue were identified by the Tomcat Security Team
+ the same day. This issue was made public on 10 August 2017.</p>
+
+ <p>Affects: 8.5.0 to 8.5.15</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 8.0.44" rtext="16 May 2017">
<p><strong>Important: Security Constraint Bypass</strong>
Modified: tomcat/site/trunk/xdocs/security-9.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1804734&r1=1804733&r2=1804734&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-9.xml (original)
+++ tomcat/site/trunk/xdocs/security-9.xml Thu Aug 10 22:01:13 2017
@@ -50,6 +50,41 @@
</section>
+ <section name="Fixed in Apache Tomcat 9.0.0.M22" rtext="26 June 2017">
+
+ <p><strong>Important: Security Constraint Bypass</strong>
+ <cve>CVE-2017-7675</cve></p>
+
+ <p>The HTTP/2 implementation bypassed a number of security checks that
+ prevented directory traversal attacks. It was therefore possible to
+ bypass security constraints using an specially crafted URL.</p>
+
+ <p>This was fixed in revision <revlink rev="1796090">1796090</revlink>.</p>
+
+ <p>The issue was originally reported as a failure to process URL path
+ parameters in bug <bug>61120</bug> on 24 May 2017. The full implications
+ of this issue were identified by the Tomcat Security Team the same day.
+ This issue was made public on 10 August 2017.</p>
+
+ <p>Affects: 9.0.0.M1 to 9.0.0.M21</p>
+
+ <p><strong>Moderate: Cache Poisoning</strong>
+ <cve>CVE-2017-7674</cve></p>
+
+ <p>The CORS Filter did not an HTTP Vary header indicating that the response
+ varies depending on Origin. This permitted client and server side cache
+ poisoning in some circumstances.</p>
+
+ <p>This was fixed in revision <revlink rev="1795813">1795813</revlink>.</p>
+
+ <p>The issue was reported as bug <bug>61101</bug> on 16 May 2017. The full
+ implications of this issue were identified by the Tomcat Security Team
+ the same day. This issue was made public on 10 August 2017.</p>
+
+ <p>Affects: 9.0.0.M1 to 9.0.0.M21</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 9.0.0.M21" rtext="10 May 2017">
<p><strong>Important: Security Constraint Bypass</strong>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]