Author: kkolinko
Date: Thu Mar 4 15:26:32 2010
New Revision: 919020

URL: http://svn.apache.org/viewvc?rev=919020&view=rev
Log:
update the security page, because the fix for CVE-2009-3548 was applied to 5.5

Modified: tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/xdocs/security-5.xml Modified: tomcat/site/trunk/docs/security-5.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=919020&r1=919019&r2=919020&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-5.html (original) +++ tomcat/site/trunk/docs/security-5.html Thu Mar 4 15:26:32 2010 @@ -3,18 +3,18 @@ <html> <head> <title>Apache Tomcat - Apache Tomcat 5.x vulnerabilities</title> -<meta name="author" content="Apache Tomcat Project"/> -<link type="text/css" href="stylesheets/tomcat.css" rel="stylesheet"/> -<link type="text/css" href="stylesheets/tomcat-printer.css" rel="stylesheet" media="print"/> +<meta content="Apache Tomcat Project" name="author" /> +<link rel="stylesheet" href="stylesheets/tomcat.css" type="text/css" /> +<link media="print" rel="stylesheet" href="stylesheets/tomcat-printer.css" type="text/css" /> </head> -<body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"> -<table border="0" width="100%" cellspacing="0"> +<body vlink="#525D76" alink="#525D76" link="#525D76" text="#000000" bgcolor="#ffffff"> +<table cellspacing="0" width="100%" border="0"> <!--PAGE HEADER--> <tr> <td> <!--PROJECT LOGO--> <a href="http://tomcat.apache.org/"> -<img src="./images/tomcat10.jpg" align="left" alt="Tomcat Logo" border="0"/> +<img border="0" alt="Tomcat Logo" align="left" src="./images/tomcat10.jpg" /> </a> </td> <td> 
@@ -25,28 +25,28 @@ <td> <!--APACHE LOGO--> <a href="http://www.apache.org/"> -<img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache Logo" border="0"/> +<img border="0" alt="Apache Logo" align="right" src="http://www.apache.org/images/asf-logo.gif" /> </a> </td> </tr> </table> <div class="searchbox noPrint"> -<form action="http://www.google.com/search" method="get"> -<input value="tomcat.apache.org" name="sitesearch" type="hidden"/> -<input value="Search the Site" size="25" name="q" id="query" type="text"/> -<input name="Search" value="Search Site" type="submit"/> +<form method="get" action="http://www.google.com/search"> +<input type="hidden" name="sitesearch" value="tomcat.apache.org" /> +<input type="text" id="query" name="q" size="25" value="Search the Site" /> +<input type="submit" value="Search Site" name="Search" /> </form> </div> -<table border="0" width="100%" cellspacing="4"> +<table cellspacing="4" width="100%" border="0"> <!--HEADER SEPARATOR--> <tr> <td colspan="2"> -<hr noshade="" size="1"/> +<hr size="1" noshade="" /> </td> </tr> <tr> <!--LEFT SIDE NAVIGATION--> -<td width="20%" valign="top" nowrap="true" class="noPrint"> +<td class="noPrint" nowrap="true" valign="top" width="20%"> <p> <strong>Apache Tomcat</strong> </p> @@ -172,11 +172,11 @@ </ul> </td> <!--RIGHT SIDE MAIN BODY--> -<td width="80%" valign="top" align="left" id="mainBody"> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<td id="mainBody" align="left" valign="top" width="80%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Apache Tomcat 5.x vulnerabilities"> <strong>Apache Tomcat 5.x vulnerabilities</strong> </a> 
@@ -214,58 +214,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> -<a name="Not fixed in Apache Tomcat 5.5.x"> -<strong>Not fixed in Apache Tomcat 5.5.x</strong> -</a> -</font> -</td> -</tr> -<tr> -<td> -<p> -<blockquote> - - <p> -<i>Note: It is expected that this issue will be fixed in 5.5.29 but the - patch has not yet received the necessary votes to be applied to the 5.5.x - code base.</i> -</p> - - <p> -<strong>Low: Insecure default password</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548"> - CVE-2009-3548</a> -</p> - - <p>The Windows installer defaults to a blank password for the administrative - user. If this is not changed during the install process, then by default - a user is created with the name admin, roles admin and manager and a - blank password.</p> - - <p>Affects: 5.5.0-5.5.28</p> - - </blockquote> -</p> -</td> -</tr> -<tr> -<td> -<br/> -</td> -</tr> -</table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> -<tr> -<td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in subversion for Apache Tomcat 5.5.x"> <strong>Fixed in subversion for Apache Tomcat 5.5.x</strong> </a> @@ -281,7 +237,7 @@ <i>Note: These issues will be fixed in 5.5.29 but that version has not yet been released.</i> </p> - + <p> <strong>Low: Arbitrary file deletion and/or alteration on deploy</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693"> 
@@ -337,21 +293,37 @@ revision 902650</a>.</p> <p>Affects: 5.5.0-5.5.28</p> - + + <p> +<strong>Low: Insecure default password</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548"> + CVE-2009-3548</a> +</p> + + <p>The Windows installer defaults to a blank password for the administrative + user. If this is not changed during the install process, then by default + a user is created with the name admin, roles admin and manager and a + blank password.</p> + + <p>Affects: 5.5.0-5.5.28</p> + + <p>This was fixed in + <a href="http://svn.apache.org/viewvc?rev=919006&view=rev"> + revision 919006</a>.</p> </blockquote> </p> </td> </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.28"> <strong>Fixed in Apache Tomcat 5.5.28</strong> </a> @@ -466,14 +438,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.27"> <strong>Fixed in Apache Tomcat 5.5.27</strong> </a> @@ -546,14 +518,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.26"> <strong>Fixed in Apache Tomcat 5.5.26</strong> </a> 
@@ -621,14 +593,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.25, 5.0.SVN"> <strong>Fixed in Apache Tomcat 5.5.25, 5.0.SVN</strong> </a> @@ -710,14 +682,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.24, 5.0.SVN"> <strong>Fixed in Apache Tomcat 5.5.24, 5.0.SVN</strong> </a> @@ -747,14 +719,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.23, 5.0.SVN"> <strong>Fixed in Apache Tomcat 5.5.23, 5.0.SVN</strong> </a> @@ -789,14 +761,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.22, 5.0.SVN"> <strong>Fixed in Apache Tomcat 5.5.22, 5.0.SVN</strong> </a> 
@@ -850,14 +822,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.21, 5.0.SVN"> <strong>Fixed in Apache Tomcat 5.5.21, 5.0.SVN</strong> </a> @@ -890,14 +862,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.21"> <strong>Fixed in Apache Tomcat 5.5.21</strong> </a> @@ -942,14 +914,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.18, 5.0.SVN"> <strong>Fixed in Apache Tomcat 5.5.18, 5.0.SVN</strong> </a> @@ -977,14 +949,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.17, 5.0.SVN"> <strong>Fixed in Apache Tomcat 5.5.17, 5.0.SVN</strong> </a> 
@@ -1012,14 +984,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.16, 5.0.SVN"> <strong>Fixed in Apache Tomcat 5.5.16, 5.0.SVN</strong> </a> @@ -1047,14 +1019,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.13, 5.0.SVN"> <strong>Fixed in Apache Tomcat 5.5.13, 5.0.SVN</strong> </a> @@ -1102,14 +1074,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.7, 5.0.SVN"> <strong>Fixed in Apache Tomcat 5.5.7, 5.0.SVN</strong> </a> @@ -1137,14 +1109,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Fixed in Apache Tomcat 5.5.1"> <strong>Fixed in Apache Tomcat 5.5.1</strong> </a> 
@@ -1176,14 +1148,14 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> -<table border="0" cellspacing="0" cellpadding="2" width="100%"> +<table width="100%" cellpadding="2" cellspacing="0" border="0"> <tr> <td bgcolor="#525D76"> -<font color="#ffffff" face="arial,helvetica,sanserif"> +<font face="arial,helvetica,sanserif" color="#ffffff"> <a name="Not a vulnerability in Tomcat"> <strong>Not a vulnerability in Tomcat</strong> </a> @@ -1286,7 +1258,7 @@ </tr> <tr> <td> -<br/> +<br /> </td> </tr> </table> @@ -1295,17 +1267,17 @@ <!--FOOTER SEPARATOR--> <tr> <td colspan="2"> -<hr noshade="" size="1"/> +<hr size="1" noshade="" /> </td> </tr> <!--PAGE FOOTER--> <tr> <td colspan="2"> <div align="center"> -<font color="#525D76" size="-1"> +<font size="-1" color="#525D76"> <em> Copyright © 1999-2010, The Apache Software Foundation - <br/> + <br /> "Apache", the Apache feather, and the Apache Tomcat logo are trademarks of the Apache Software Foundation for our open source software. Modified: tomcat/site/trunk/xdocs/security-5.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=919020&r1=919019&r2=919020&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-5.xml (original) +++ tomcat/site/trunk/xdocs/security-5.xml Thu Mar 4 15:26:32 2010 
@@ -32,30 +32,21 @@ </section> +<!-- <section name="Not fixed in Apache Tomcat 5.5.x"> <p><i>Note: It is expected that this issue will be fixed in 5.5.29 but the patch has not yet received the necessary votes to be applied to the 5.5.x code base.</i></p> - <p><strong>Low: Insecure default password</strong> - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548"> - CVE-2009-3548</a></p> - - <p>The Windows installer defaults to a blank password for the administrative - user. If this is not changed during the install process, then by default - a user is created with the name admin, roles admin and manager and a - blank password.</p> - - <p>Affects: 5.5.0-5.5.28</p> - </section> + --> <section name="Fixed in subversion for Apache Tomcat 5.5.x"> <p><i>Note: These issues will be fixed in 5.5.29 but that version has not yet been released.</i></p> - + <p><strong>Low: Arbitrary file deletion and/or alteration on deploy</strong> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693"> CVE-2009-2693</a></p> @@ -105,7 +96,21 @@ revision 902650</a>.</p> <p>Affects: 5.5.0-5.5.28</p> - + + <p><strong>Low: Insecure default password</strong> + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548"> + CVE-2009-3548</a></p> + + <p>The Windows installer defaults to a blank password for the administrative + user. If this is not changed during the install process, then by default + a user is created with the name admin, roles admin and manager and a + blank password.</p> + + <p>Affects: 5.5.0-5.5.28</p> + + <p>This was fixed in + <a href="http://svn.apache.org/viewvc?rev=919006&view=rev"> + revision 919006</a>.</p> </section> <section name="Fixed in Apache Tomcat 5.5.28"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
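
Review bot: In tomcat/site/trunk/docs/security-5.html, every hunk other than @@ -214,58 +214,14 @@ and @@ -337,21 +293,37 @@ only reorders attributes or rewrites `<br/>` as `<br />` (for example `<hr noshade="" size="1"/>` becoming `<hr size="1" noshade="" />`), and the log message does not mention it. This churn buries the one content change, the move of the CVE-2009-3548 entry. Please regenerate the page with the same toolchain as the previous revision, or commit the regenerated markup separately and say so in the log, so that the security-relevant edit can be reviewed on its own.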
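
Review bot: In tomcat/site/trunk/xdocs/security-5.xml, hunk @@ -32,30 +32,21 @@ wraps the "Not fixed in Apache Tomcat 5.5.x" section in `<!--` and `-->` instead of deleting it, and the note kept inside the comment still reads "It is expected that this issue will be fixed in 5.5.29 but the patch has not yet received the necessary votes", which no longer refers to any listed issue. Either delete the section outright or replace the leftover note with a short comment stating that the block is kept as a placeholder for future unfixed issues, so the next editor does not re-enable stale text.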
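
Review bot: The CVE-2009-3548 entry added in @@ -337,21 +293,37 @@ of security-5.html and @@ -105,7 +96,21 @@ of security-5.xml places "This was fixed in revision 919006" after "Affects: 5.5.0-5.5.28", while the preceding entry in the same section, visible in the context lines, gives its revision ("revision 902650") before its Affects line. Move the revision paragraph above Affects so the section stays consistent. The entry also does not say what to do on a system where the installer was already run with the default: since the text states that a user named admin with roles admin and manager and a blank password is created, one sentence advising existing installations to set a password for that user would make the entry actionable.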