Author: markt
Date: Sun Apr 1 10:18:07 2007
New Revision: 524636

URL: http://svn.apache.org/viewvc?view=rev&rev=524636
Log:
Better info on snoop servlet issues and change 3.3 to 3.3a
Modified: tomcat/site/trunk/docs/security-3.html tomcat/site/trunk/xdocs/security-3.xml Modified: tomcat/site/trunk/docs/security-3.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=524636&r1=524635&r2=524636 ============================================================================== --- tomcat/site/trunk/docs/security-3.html (original) +++ tomcat/site/trunk/docs/security-3.html Sun Apr 1 10:18:07 2007 @@ -233,19 +233,7 @@ adequately firewalled to ensure it is not accessible to remote attackers. There are no plans to issue a an update to Tomcat 3.x for this issue.</p> - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2</p> - - <p> -<strong>low: Information disclosure</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006"> - CVE-2002-2006</a> -</p> - - <p>The snoop servlet installed as part of the examples includes output that - identifies the Tomcat installation path. There are no plans to issue a an - update to Tomcat 3.x for this issue.</p> - - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2</p> + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.2</p> </blockquote> </p> </td> @@ -281,7 +269,7 @@ recommended that the examples web application is not installed on production servers.</p> - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1a</p> + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1a</p> </blockquote> </p> </td> @@ -316,7 +304,7 @@ trusted privileges enabling files outside of the web application to be read even when running under a security manager.</p> - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1</p> + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p> <p> <strong>important: Information disclosure</strong> @@ -328,7 +316,7 @@ returned or a directory listing being returned even when a welcome file was defined.</p> - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1</p> + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p> </blockquote> </p> </td> 
@@ -364,7 +352,7 @@ sequence of such requests may cause all request processing threads, and hence Tomcat, to become unresponsive.</p> - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3</p> + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a</p> </blockquote> </p> </td> @@ -379,8 +367,8 @@ <tr> <td bgcolor="#525D76"> <font color="#ffffff" face="arial,helvetica,sanserif"> -<a name="Fixed in Apache Tomcat 3.3"> -<strong>Fixed in Apache Tomcat 3.3</strong> +<a name="Fixed in Apache Tomcat 3.3a"> +<strong>Fixed in Apache Tomcat 3.3a</strong> </a> </font> </td> @@ -400,6 +388,20 @@ file system path for a JSP.</p> <p>Affects: 3.2.3-3.2.4</p> + + <p> +<strong>low: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006"> + CVE-2002-2006</a>, + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760"> + CVE-2000-0760</a> +</p> + + <p>The snoop servlet installed as part of the examples includes output that + identifies the Tomcat installation path. There are no plans to issue a an + update to Tomcat 3.x for this issue.</p> + + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4</p> </blockquote> </p> </td> Modified: tomcat/site/trunk/xdocs/security-3.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=524636&r1=524635&r2=524636 ============================================================================== --- tomcat/site/trunk/xdocs/security-3.xml (original) +++ tomcat/site/trunk/xdocs/security-3.xml Sun Apr 1 10:18:07 2007 
@@ -35,17 +35,7 @@ adequately firewalled to ensure it is not accessible to remote attackers. There are no plans to issue a an update to Tomcat 3.x for this issue.</p> - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2</p> - - <p><strong>low: Information disclosure</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006"> - CVE-2002-2006</a></p> - - <p>The snoop servlet installed as part of the examples includes output that - identifies the Tomcat installation path. There are no plans to issue a an - update to Tomcat 3.x for this issue.</p> - - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.2</p> + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.2</p> </section> <section name="Fixed in Apache Tomcat 3.3.2"> @@ -58,7 +48,7 @@ recommended that the examples web application is not installed on production servers.</p> - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1a</p> + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1a</p> </section> <section name="Fixed in Apache Tomcat 3.3.1a"> @@ -70,7 +60,7 @@ trusted privileges enabling files outside of the web application to be read even when running under a security manager.</p> - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1</p> + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p> <p><strong>important: Information disclosure</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0042"> @@ -80,7 +70,7 @@ returned or a directory listing being returned even when a welcome file was defined.</p> - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3-3.3.1</p> + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.1</p> </section> <section name="Fixed in Apache Tomcat 3.3.1"> 
@@ -93,10 +83,10 @@ sequence of such requests may cause all request processing threads, and hence Tomcat, to become unresponsive.</p> - <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3</p> + <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a</p> </section> - <section name="Fixed in Apache Tomcat 3.3"> + <section name="Fixed in Apache Tomcat 3.3a"> <p><strong>moderate: Information disclosure</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007"> CVE-2002-2007</a></p> @@ -106,6 +96,18 @@ file system path for a JSP.</p> <p>Affects: 3.2.3-3.2.4</p> + + <p><strong>low: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006"> + CVE-2002-2006</a>, + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760"> + CVE-2000-0760</a></p> + + <p>The snoop servlet installed as part of the examples includes output that + identifies the Tomcat installation path. There are no plans to issue a an + update to Tomcat 3.x for this issue.</p> + + <p>Affects:3.1-3.1.1, 3.2-3.2.4</p> </section> <section name="Fixed in Apache Tomcat 3.2.4"> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
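Review bot: The snoop servlet entry added to tomcat/site/trunk/xdocs/security-3.xml (hunk @@ -106,6 +96,18 @@) ends with `<p>Affects:3.1-3.1.1, 3.2-3.2.4</p>`, which omits 3.0 and the space after the colon, while the same entry added to docs/security-3.html (hunk @@ -400,6 +388,20 @@) reads `<p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4</p>`. The two files should state the same affected range. Decide whether 3.0 is affected and make both lines identical, otherwise whichever file is treated as the source will change the published range the next time the other is refreshed from it.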
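Review bot: The paragraph moved under "Fixed in Apache Tomcat 3.3a" (html hunk @@ -400,6 +388,20 @@ and xml hunk @@ -106,6 +96,18 @@) still carries the sentence "There are no plans to issue a an update to Tomcat 3.x for this issue", which contradicts its new position in a "Fixed in" section whose Affects range now stops at 3.2.4. Suggest removing that sentence from the moved entry or replacing it with a statement that matches the section it now sits in, and correcting "a an" while the text is being touched.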
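Review bot: The anchor rename in docs/security-3.html (hunk @@ -379,8 +367,8 @@) from `<a name="Fixed in Apache Tomcat 3.3">` to `<a name="Fixed in Apache Tomcat 3.3a">` changes the fragment identifier of the section, so any existing link that targets the old anchor name will stop resolving to it. If such links may exist, keep a second anchor with the old name alongside the new one, or mention the rename in the log message so that referring pages can be updated.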