svn commit: r526003 - in /tomcat/site/trunk: docs/security-3.html xdocs/security-3.xml

Thu, 05 Apr 2007 16:52:48 -0700 

Author: markt
Date: Thu Apr  5 16:52:26 2007
New Revision: 526003

URL: http://svn.apache.org/viewvc?view=rev&rev=526003
Log:
Fix typos reported in bug 42047.

Modified:
    tomcat/site/trunk/docs/security-3.html
    tomcat/site/trunk/xdocs/security-3.xml

Modified: tomcat/site/trunk/docs/security-3.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=526003&r1=526002&r2=526003
==============================================================================
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Thu Apr  5 16:52:26 2007
@@ -496,8 +496,8 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 3.2.1">
-<strong>Fixed in Apache Tomcat 3.2.1</strong>
+<a name="Fixed in Apache Tomcat 3.2">
+<strong>Fixed in Apache Tomcat 3.2</strong>
 </a>
 </font>
 </td>
@@ -517,6 +517,20 @@
        includes the full file system page of the current context.</p>
 
     <p>Affects: 3.1</p>
+
+    <p>
+<strong>important: Information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0672";>
+       CVE-2000-0672</a>
+<br/>
+</p>
+
+    <p>Access to the admin context is not protected. This context allows an
+       attacker to mount an arbitary file system path as a context. Any files
+       accessible from this file sytem path to the account under which Tomcat
+       is running are then visible to the attacker.</p>
+
+    <p>Affects: 3.1</p>
   </blockquote>
 </p>
 </td>
@@ -544,12 +558,12 @@
     <p>
 <strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210";>
-       CVE-2001-0590</a>
+       CVE-2000-1210</a>
 <br/>
 </p>
 
     <p>source.jsp, provided as part of the examples, allows an attacker to read
-       arbitary files via a .. (dot dot) in the argument to source.jsp.</p>
+       arbitrary files via a .. (dot dot) in the argument to source.jsp.</p>
 
     <p>Affects: 3.0</p>
   </blockquote>

Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=526003&r1=526002&r2=526003
==============================================================================
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Thu Apr  5 16:52:26 2007
@@ -165,10 +165,10 @@
   <section name="Fixed in Apache Tomcat 3.1">
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210";>
-       CVE-2001-0590</a><br/></p>
+       CVE-2000-1210</a><br/></p>
 
     <p>source.jsp, provided as part of the examples, allows an attacker to read
-       arbitary files via a .. (dot dot) in the argument to source.jsp.</p>
+       arbitrary files via a .. (dot dot) in the argument to source.jsp.</p>
 
     <p>Affects: 3.0</p>
   </section>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to