svn commit: r562006 - in /tomcat/site/trunk: docs/security-3.html xdocs/security-3.xml

Wed, 01 Aug 2007 20:17:28 -0700 

Author: markt
Date: Wed Aug  1 20:16:38 2007
New Revision: 562006

URL: http://svn.apache.org/viewvc?view=rev&rev=562006
Log:
Add info on CVE-2007-3384

Modified:
    tomcat/site/trunk/docs/security-3.html
    tomcat/site/trunk/xdocs/security-3.xml

Modified: tomcat/site/trunk/docs/security-3.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-3.html?view=diff&rev=562006&r1=562005&r2=562006
==============================================================================
--- tomcat/site/trunk/docs/security-3.html (original)
+++ tomcat/site/trunk/docs/security-3.html Wed Aug  1 20:16:38 2007
@@ -237,6 +237,18 @@
        There are no plans to issue a an update to Tomcat 3.x for this 
issue.</p>
 
     <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.2</p>
+
+    <p>
+<strong>low: Cross site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3384";>
+       CVE-2007-3384</a>
+</p>
+
+    <p>When reporting error messages, Tomcat does not filter user supplied data
+       before display. This enables an XSS attack. A source patch is available
+       from the <a href="download-33.cgi">Tomcat 3 download page</a>.</p>
+
+    <p>Affects: 3.3-3.3.2</p>
   </blockquote>
 </p>
 </td>

Modified: tomcat/site/trunk/xdocs/security-3.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-3.xml?view=diff&rev=562006&r1=562005&r2=562006
==============================================================================
--- tomcat/site/trunk/xdocs/security-3.xml (original)
+++ tomcat/site/trunk/xdocs/security-3.xml Wed Aug  1 20:16:38 2007
@@ -36,6 +36,16 @@
        There are no plans to issue a an update to Tomcat 3.x for this 
issue.</p>
 
     <p>Affects: 3.0, 3.1-3.1.1, 3.2-3.2.4, 3.3a-3.3.2</p>
+
+    <p><strong>low: Cross site scripting</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3384";>
+       CVE-2007-3384</a></p>
+
+    <p>When reporting error messages, Tomcat does not filter user supplied data
+       before display. This enables an XSS attack. A source patch is available
+       from the <a href="download-33.cgi">Tomcat 3 download page</a>.</p>
+
+    <p>Affects: 3.3-3.3.2</p>
   </section>
 
   <section name="Fixed in Apache Tomcat 3.3.2">



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to