Author: markt Date: Thu Apr 5 16:52:26 2007 New Revision: 526003 URL: http://svn.apache.org/viewvc?view=rev&rev=526003 Log: Fix typos reported in bug 42047.
Modified: tomcat/site/trunk/docs/security-3.html tomcat/site/trunk/xdocs/security-3.xml Modified: tomcat/site/trunk/docs/security-3.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=526003&r1=526002&r2=526003 ============================================================================== --- tomcat/site/trunk/docs/security-3.html (original) +++ tomcat/site/trunk/docs/security-3.html Thu Apr 5 16:52:26 2007 @@ -496,8 +496,8 @@ <tr> <td bgcolor="#525D76"> <font color="#ffffff" face="arial,helvetica,sanserif"> -<a name="Fixed in Apache Tomcat 3.2.1"> -<strong>Fixed in Apache Tomcat 3.2.1</strong> +<a name="Fixed in Apache Tomcat 3.2"> +<strong>Fixed in Apache Tomcat 3.2</strong> </a> </font> </td> @@ -517,6 +517,20 @@ includes the full file system page of the current context.</p> <p>Affects: 3.1</p> + + <p> +<strong>important: Information disclosure</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0672"> + CVE-2000-0672</a> +<br/> +</p> + + <p>Access to the admin context is not protected. This context allows an + attacker to mount an arbitary file system path as a context. Any files + accessible from this file sytem path to the account under which Tomcat + is running are then visible to the attacker.</p> + + <p>Affects: 3.1</p> </blockquote> </p> </td> @@ -544,12 +558,12 @@ <p> <strong>important: Information disclosure</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210"> - CVE-2001-0590</a> + CVE-2000-1210</a> <br/> </p> <p>source.jsp, provided as part of the examples, allows an attacker to read - arbitary files via a .. (dot dot) in the argument to source.jsp.</p> + arbitrary files via a .. (dot dot) in the argument to source.jsp.</p> <p>Affects: 3.0</p> </blockquote> Modified: tomcat/site/trunk/xdocs/security-3.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=526003&r1=526002&r2=526003 ============================================================================== --- tomcat/site/trunk/xdocs/security-3.xml (original) +++ tomcat/site/trunk/xdocs/security-3.xml Thu Apr 5 16:52:26 2007 @@ -165,10 +165,10 @@ <section name="Fixed in Apache Tomcat 3.1"> <p><strong>important: Information disclosure</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1210"> - CVE-2001-0590</a><br/></p> + CVE-2000-1210</a><br/></p> <p>source.jsp, provided as part of the examples, allows an attacker to read - arbitary files via a .. (dot dot) in the argument to source.jsp.</p> + arbitrary files via a .. (dot dot) in the argument to source.jsp.</p> <p>Affects: 3.0</p> </section> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]