Author: markt
Date: Fri Jul 9 12:14:49 2010
New Revision: 962498
URL: http://svn.apache.org/viewvc?rev=962498&view=rev
Log:
CVE-2010-2227
Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
tomcat/site/trunk/xdocs/security-7.xml
Modified: tomcat/site/trunk/docs/security-5.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=962498&r1=962497&r2=962498&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Fri Jul 9 12:14:49 2010
@@ -2,19 +2,19 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
-<title>Apache Tomcat - Apache Tomcat 5.x vulnerabilities</title>
-<meta content="Apache Tomcat Project" name="author" />
-<link rel="stylesheet" href="stylesheets/tomcat.css" type="text/css" />
-<link media="print" rel="stylesheet" href="stylesheets/tomcat-printer.css"
type="text/css" />
+<title>Apache Tomcat - Apache Tomcat 5 vulnerabilities</title>
+<meta name="author" content="Apache Tomcat Project"/>
+<link type="text/css" href="stylesheets/tomcat.css" rel="stylesheet"/>
+<link type="text/css" href="stylesheets/tomcat-printer.css" rel="stylesheet"
media="print"/>
</head>
-<body vlink="#525D76" alink="#525D76" link="#525D76" text="#000000"
bgcolor="#ffffff">
-<table cellspacing="0" width="100%" border="0">
+<body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76"
vlink="#525D76">
+<table border="0" width="100%" cellspacing="0">
<!--PAGE HEADER-->
<tr>
<td>
<!--PROJECT LOGO-->
<a href="http://tomcat.apache.org/">
-<img border="0" alt="Tomcat Logo" align="left" src="./images/tomcat.gif" />
+<img src="./images/tomcat.gif" align="left" alt="Tomcat Logo" border="0"/>
</a>
</td>
<td>
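Review bot: wholesale attribute reordering (`<meta content=... name=...>` becoming `<meta name=... content=...>`, `<br />` becoming `<br/>`) swamps the one real edit in this hunk, the `<title>` change from "Apache Tomcat 5.x vulnerabilities" to "Apache Tomcat 5 vulnerabilities", and the same noise repeats through every hunk of the three generated .html files below. That pattern indicates the pages were regenerated with a different XSLT processor or serializer than the last commit; pin the generator, or commit the regeneration noise on its own, so that the CVE-2010-2227 content changes remain reviewable in the diff.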
@@ -25,28 +25,28 @@
<td>
<!--APACHE LOGO-->
<a href="http://www.apache.org/">
-<img border="0" alt="Apache Logo" align="right"
src="http://www.apache.org/images/asf-logo.gif" />
+<img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache
Logo" border="0"/>
</a>
</td>
</tr>
</table>
<div class="searchbox noPrint">
-<form method="get" action="http://www.google.com/search">
-<input type="hidden" name="sitesearch" value="tomcat.apache.org" />
-<input type="text" id="query" name="q" size="25" value="Search the Site" />
-<input type="submit" value="Search Site" name="Search" />
+<form action="http://www.google.com/search" method="get">
+<input value="tomcat.apache.org" name="sitesearch" type="hidden"/>
+<input value="Search the Site" size="25" name="q" id="query" type="text"/>
+<input name="Search" value="Search Site" type="submit"/>
</form>
</div>
-<table cellspacing="4" width="100%" border="0">
+<table border="0" width="100%" cellspacing="4">
<!--HEADER SEPARATOR-->
<tr>
<td colspan="2">
-<hr size="1" noshade="" />
+<hr noshade="" size="1"/>
</td>
</tr>
<tr>
<!--LEFT SIDE NAVIGATION-->
-<td class="noPrint" nowrap="true" valign="top" width="20%">
+<td width="20%" valign="top" nowrap="true" class="noPrint">
<p>
<strong>Apache Tomcat</strong>
</p>
@@ -178,11 +178,11 @@
</ul>
</td>
<!--RIGHT SIDE MAIN BODY-->
-<td id="mainBody" align="left" valign="top" width="80%">
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<td width="80%" valign="top" align="left" id="mainBody">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Table of Contents">
<!--()-->
</a>
@@ -201,7 +201,7 @@
<a href="#Apache_Tomcat_5.x_vulnerabilities">Apache Tomcat 5.x
vulnerabilities</a>
</li>
<li>
-<a href="#Fixed_in_subversion_for_Apache_Tomcat_5.5.x">Fixed in subversion for
Apache Tomcat 5.5.x</a>
+<a href="#Fixed_in_Apache_Tomcat_5.5.30">Fixed in Apache Tomcat 5.5.30</a>
</li>
<li>
<a href="#Fixed_in_Apache_Tomcat_5.5.29">Fixed in Apache Tomcat 5.5.29</a>
@@ -261,14 +261,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Apache Tomcat 5.x vulnerabilities">
<!--()-->
</a>
@@ -309,19 +309,19 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
-<a name="Fixed in subversion for Apache Tomcat 5.5.x">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 5.5.30">
<!--()-->
</a>
-<a name="Fixed_in_subversion_for_Apache_Tomcat_5.5.x">
-<strong>Fixed in subversion for Apache Tomcat 5.5.x</strong>
+<a name="Fixed_in_Apache_Tomcat_5.5.30">
+<strong>Fixed in Apache Tomcat 5.5.30</strong>
</a>
</font>
</td>
@@ -332,10 +332,25 @@
<blockquote>
<p>
-<i>Note: These issues will be fixed in 5.5.30 but that version has not
- yet been released.</i>
+<strong>Important: Remote Denial Of Service and Information Disclosure
+ Vulnerability</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227">
+ CVE-2010-2227</a>
</p>
+ <p>Several flaws in the handling of the 'Transfer-Encoding' header were
+ found that prevented the recycling of a buffer. A remote attacker could
+ trigger this flaw which would cause subsequent requests to fail and/or
+ information to leak between requests. This flaw is mitigated if Tomcat
is
+ behind a reverse proxy (such as Apache httpd 2.2) as the proxy should
+ reject the invalid transfer encoding header.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=959428&view=rev">
+ revision 959428</a>.</p>
+
+ <p>Affects: 5.5.0-5.5.29</p>
+
<p>
<strong>Low: Information disclosure in authentication headers</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157">
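Review bot: the new CVE-2010-2227 entry gives "Affects: 5.5.0-5.5.29" and says nothing about 5.0.x, although older sections on this same page are titled "Fixed in Apache Tomcat 5.5.25, 5.0.SVN" and similar, so a 5.0.x user cannot tell from this entry whether they are exposed; state the 5.0.x status explicitly (affected and unfixed, or out of support). The same gap applies to the "Affects: 5.5.0-5.5.29" line added for CVE-2010-1157 just below. Since this file is generated from xdocs/security-5.xml, the fix belongs in the source, not here.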
@@ -356,20 +371,22 @@
<a href="http://svn.apache.org/viewvc?rev=936541&view=rev">
revision 936541</a>.</p>
+ <p>Affects: 5.5.0-5.5.29</p>
+
</blockquote>
</p>
</td>
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.29">
<!--()-->
</a>
@@ -462,14 +479,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.28">
<!--()-->
</a>
@@ -587,14 +604,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.27">
<!--()-->
</a>
@@ -670,14 +687,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.26">
<!--()-->
</a>
@@ -748,14 +765,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.25, 5.0.SVN">
<!--()-->
</a>
@@ -840,14 +857,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.24, 5.0.SVN">
<!--()-->
</a>
@@ -880,14 +897,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.23, 5.0.SVN">
<!--()-->
</a>
@@ -925,14 +942,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.22, 5.0.SVN">
<!--()-->
</a>
@@ -989,14 +1006,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.21, 5.0.SVN">
<!--()-->
</a>
@@ -1032,14 +1049,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.21">
<!--()-->
</a>
@@ -1087,14 +1104,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.18, 5.0.SVN">
<!--()-->
</a>
@@ -1125,14 +1142,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.17, 5.0.SVN">
<!--()-->
</a>
@@ -1163,14 +1180,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.16, 5.0.SVN">
<!--()-->
</a>
@@ -1201,14 +1218,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.13, 5.0.SVN">
<!--()-->
</a>
@@ -1259,14 +1276,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.7, 5.0.SVN">
<!--()-->
</a>
@@ -1297,14 +1314,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 5.5.1">
<!--()-->
</a>
@@ -1339,14 +1356,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Not a vulnerability in Tomcat">
<!--()-->
</a>
@@ -1452,7 +1469,7 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
@@ -1461,17 +1478,17 @@
<!--FOOTER SEPARATOR-->
<tr>
<td colspan="2">
-<hr size="1" noshade="" />
+<hr noshade="" size="1"/>
</td>
</tr>
<!--PAGE FOOTER-->
<tr>
<td colspan="2">
<div align="center">
-<font size="-1" color="#525D76">
+<font color="#525D76" size="-1">
<em>
Copyright © 1999-2010, The Apache Software Foundation
- <br />
+ <br/>
"Apache", the Apache feather, and the Apache Tomcat logo are
trademarks of the Apache Software Foundation for our open source
software.
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=962498&r1=962497&r2=962498&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Jul 9 12:14:49 2010
@@ -2,19 +2,19 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
-<title>Apache Tomcat - Apache Tomcat 6.x vulnerabilities</title>
-<meta content="Apache Tomcat Project" name="author" />
-<link rel="stylesheet" href="stylesheets/tomcat.css" type="text/css" />
-<link media="print" rel="stylesheet" href="stylesheets/tomcat-printer.css"
type="text/css" />
+<title>Apache Tomcat - Apache Tomcat 6 vulnerabilities</title>
+<meta name="author" content="Apache Tomcat Project"/>
+<link type="text/css" href="stylesheets/tomcat.css" rel="stylesheet"/>
+<link type="text/css" href="stylesheets/tomcat-printer.css" rel="stylesheet"
media="print"/>
</head>
-<body vlink="#525D76" alink="#525D76" link="#525D76" text="#000000"
bgcolor="#ffffff">
-<table cellspacing="0" width="100%" border="0">
+<body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76"
vlink="#525D76">
+<table border="0" width="100%" cellspacing="0">
<!--PAGE HEADER-->
<tr>
<td>
<!--PROJECT LOGO-->
<a href="http://tomcat.apache.org/">
-<img border="0" alt="Tomcat Logo" align="left" src="./images/tomcat.gif" />
+<img src="./images/tomcat.gif" align="left" alt="Tomcat Logo" border="0"/>
</a>
</td>
<td>
@@ -25,28 +25,28 @@
<td>
<!--APACHE LOGO-->
<a href="http://www.apache.org/">
-<img border="0" alt="Apache Logo" align="right"
src="http://www.apache.org/images/asf-logo.gif" />
+<img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache
Logo" border="0"/>
</a>
</td>
</tr>
</table>
<div class="searchbox noPrint">
-<form method="get" action="http://www.google.com/search">
-<input type="hidden" name="sitesearch" value="tomcat.apache.org" />
-<input type="text" id="query" name="q" size="25" value="Search the Site" />
-<input type="submit" value="Search Site" name="Search" />
+<form action="http://www.google.com/search" method="get">
+<input value="tomcat.apache.org" name="sitesearch" type="hidden"/>
+<input value="Search the Site" size="25" name="q" id="query" type="text"/>
+<input name="Search" value="Search Site" type="submit"/>
</form>
</div>
-<table cellspacing="4" width="100%" border="0">
+<table border="0" width="100%" cellspacing="4">
<!--HEADER SEPARATOR-->
<tr>
<td colspan="2">
-<hr size="1" noshade="" />
+<hr noshade="" size="1"/>
</td>
</tr>
<tr>
<!--LEFT SIDE NAVIGATION-->
-<td class="noPrint" nowrap="true" valign="top" width="20%">
+<td width="20%" valign="top" nowrap="true" class="noPrint">
<p>
<strong>Apache Tomcat</strong>
</p>
@@ -178,11 +178,11 @@
</ul>
</td>
<!--RIGHT SIDE MAIN BODY-->
-<td id="mainBody" align="left" valign="top" width="80%">
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<td width="80%" valign="top" align="left" id="mainBody">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Table of Contents">
<!--()-->
</a>
@@ -240,14 +240,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Apache Tomcat 6.x vulnerabilities">
<!--()-->
</a>
@@ -282,14 +282,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.28">
<!--()-->
</a>
@@ -305,22 +305,34 @@
<blockquote>
<p>
-<strong>High: Transfer-Encoding denial of service vulnerability</strong>
+<strong>Important: Remote Denial Of Service and Information Disclosure
+ Vulnerability</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227">
CVE-2010-2227</a>
</p>
- <p>A flaw in the handling of the 'Transfer-Encoding' header was found. A
- remote attacker could trigger this flaw which would cause subsequent
- requests to fail or information to leak between requests. This flaw
- is mitigated if Tomcat is behind a proxy as the proxy should reject
- the invalid transfer encoding header.</p>
-
+ <p>Several flaws in the handling of the 'Transfer-Encoding' header were
+ found that prevented the recycling of a buffer. A remote attacker could
+ trigger this flaw which would cause subsequent requests to fail and/or
+ information to leak between requests. This flaw is mitigated if Tomcat
is
+ behind a reverse proxy (such as Apache httpd 2.2) as the proxy should
+ reject the invalid transfer encoding header.</p>
+
<p>This was fixed in
<a href="http://svn.apache.org/viewvc?rev=958977&view=rev">
revision 958977</a>.</p>
+
+ <p>Affects: 6.0.0-6.0.27</p>
<p>
+<i>Note: The issue below was fixed in Apache Tomcat 6.0.27 but the
+ release vote for the 6.0.27 release candidate did not pass. Therefore,
+ although users must download 6.0.28 to obtain a version that includes a
+ fix for this issue, version 6.0.27 is not included in the list of
+ affected versions.</i>
+</p>
+
+ <p>
<strong>Low: Information disclosure in authentication headers</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157">
CVE-2010-1157</a>
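Review bot: "Affects: 6.0.0-6.0.27" for CVE-2010-2227 includes 6.0.27, while the note added a few lines further down explains that 6.0.27 never shipped because its release vote did not pass and is therefore excluded from the CVE-2010-1157 range. Both ranges may be correct, but the reader gets the explanation for one and not the other; either extend the note to say why the unreleased 6.0.27 candidate is counted as affected by CVE-2010-2227, or add its CVE id to the note so "the issue below" is unambiguous. The relabel from "High" to "Important" is right, since the other entries on these pages use the Important/Low scale rather than "High". Minor: the note is placed inside the `<p>` that previously opened the CVE-2010-1157 entry, with a fresh `<p>` opened for that entry afterwards; this is well-formed but visually attaches the note to the CVE-2010-2227 block, so consider moving it directly above the CVE-2010-1157 heading.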
@@ -339,6 +351,8 @@
<p>This was fixed in
<a href="http://svn.apache.org/viewvc?rev=936540&view=rev">
revision 936540</a>.</p>
+
+ <p>Affects: 6.0.0-6.0.26</p>
</blockquote>
</p>
@@ -346,14 +360,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.24">
<!--()-->
</a>
@@ -454,14 +468,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.20">
<!--()-->
</a>
@@ -581,14 +595,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.18">
<!--()-->
</a>
@@ -671,14 +685,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.16">
<!--()-->
</a>
@@ -763,14 +777,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.14">
<!--()-->
</a>
@@ -855,14 +869,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.11">
<!--()-->
</a>
@@ -913,14 +927,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.10">
<!--()-->
</a>
@@ -972,14 +986,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.9">
<!--()-->
</a>
@@ -1011,14 +1025,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.6">
<!--()-->
</a>
@@ -1054,14 +1068,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Not a vulnerability in Tomcat">
<!--()-->
</a>
@@ -1153,7 +1167,7 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
@@ -1162,17 +1176,17 @@
<!--FOOTER SEPARATOR-->
<tr>
<td colspan="2">
-<hr size="1" noshade="" />
+<hr noshade="" size="1"/>
</td>
</tr>
<!--PAGE FOOTER-->
<tr>
<td colspan="2">
<div align="center">
-<font size="-1" color="#525D76">
+<font color="#525D76" size="-1">
<em>
Copyright © 1999-2010, The Apache Software Foundation
- <br />
+ <br/>
"Apache", the Apache feather, and the Apache Tomcat logo are
trademarks of the Apache Software Foundation for our open source
software.
Modified: tomcat/site/trunk/docs/security-7.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=962498&r1=962497&r2=962498&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Fri Jul 9 12:14:49 2010
@@ -2,19 +2,19 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
-<title>Apache Tomcat - Apache Tomcat 6.x vulnerabilities</title>
-<meta content="Apache Tomcat Project" name="author" />
-<link rel="stylesheet" href="stylesheets/tomcat.css" type="text/css" />
-<link media="print" rel="stylesheet" href="stylesheets/tomcat-printer.css"
type="text/css" />
+<title>Apache Tomcat - Apache Tomcat 7 vulnerabilities</title>
+<meta name="author" content="Apache Tomcat Project"/>
+<link type="text/css" href="stylesheets/tomcat.css" rel="stylesheet"/>
+<link type="text/css" href="stylesheets/tomcat-printer.css" rel="stylesheet"
media="print"/>
</head>
-<body vlink="#525D76" alink="#525D76" link="#525D76" text="#000000"
bgcolor="#ffffff">
-<table cellspacing="0" width="100%" border="0">
+<body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76"
vlink="#525D76">
+<table border="0" width="100%" cellspacing="0">
<!--PAGE HEADER-->
<tr>
<td>
<!--PROJECT LOGO-->
<a href="http://tomcat.apache.org/">
-<img border="0" alt="Tomcat Logo" align="left" src="./images/tomcat.gif" />
+<img src="./images/tomcat.gif" align="left" alt="Tomcat Logo" border="0"/>
</a>
</td>
<td>
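Review bot: the `<title>` fix here (from "Apache Tomcat 6.x vulnerabilities", a copy-paste error from the 6.x page, to "Apache Tomcat 7 vulnerabilities") needs to land in xdocs/security-7.xml as well, because this .html is generated from it; that source file is listed among the modified files but its diff is not shown above, so confirm the source title was changed too, otherwise the next regeneration reverts the fix. The remaining attribute reordering in this hunk is the same serializer noise seen on the 5 and 6 pages.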
@@ -25,28 +25,28 @@
<td>
<!--APACHE LOGO-->
<a href="http://www.apache.org/">
-<img border="0" alt="Apache Logo" align="right"
src="http://www.apache.org/images/asf-logo.gif" />
+<img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache
Logo" border="0"/>
</a>
</td>
</tr>
</table>
<div class="searchbox noPrint">
-<form method="get" action="http://www.google.com/search">
-<input type="hidden" name="sitesearch" value="tomcat.apache.org" />
-<input type="text" id="query" name="q" size="25" value="Search the Site" />
-<input type="submit" value="Search Site" name="Search" />
+<form action="http://www.google.com/search" method="get">
+<input value="tomcat.apache.org" name="sitesearch" type="hidden"/>
+<input value="Search the Site" size="25" name="q" id="query" type="text"/>
+<input name="Search" value="Search Site" type="submit"/>
</form>
</div>
-<table cellspacing="4" width="100%" border="0">
+<table border="0" width="100%" cellspacing="4">
<!--HEADER SEPARATOR-->
<tr>
<td colspan="2">
-<hr size="1" noshade="" />
+<hr noshade="" size="1"/>
</td>
</tr>
<tr>
<!--LEFT SIDE NAVIGATION-->
-<td class="noPrint" nowrap="true" valign="top" width="20%">
+<td width="20%" valign="top" nowrap="true" class="noPrint">
<p>
<strong>Apache Tomcat</strong>
</p>
@@ -178,11 +178,11 @@
</ul>
</td>
<!--RIGHT SIDE MAIN BODY-->
-<td id="mainBody" align="left" valign="top" width="80%">
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<td width="80%" valign="top" align="left" id="mainBody">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Table of Contents">
<!--()-->
</a>
@@ -201,6 +201,9 @@
<a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x
vulnerabilities</a>
</li>
<li>
+<a href="#Fixed_in_subversion_for_Apache_Tomcat_7.0.1">Fixed in subversion for
Apache Tomcat 7.0.1</a>
+</li>
+<li>
<a href="#Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</a>
</li>
</ul>
@@ -210,14 +213,14 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Apache Tomcat 7.x vulnerabilities">
<!--()-->
</a>
@@ -241,24 +244,73 @@
<p>Please send comments or corrections for these vulnerabilities to the
<a href="mailto:[email protected]">Tomcat Security
Team</a>.</p>
-
+ </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in subversion for Apache Tomcat 7.0.1">
+<!--()-->
+</a>
+<a name="Fixed_in_subversion_for_Apache_Tomcat_7.0.1">
+<strong>Fixed in subversion for Apache Tomcat 7.0.1</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+
+ <p>
+<i>Note: These issues will be fixed in 7.0.1 but that version has not
+ yet been released.</i>
+</p>
+
<p>
-<i>Note: Apache Tomcat 7.0.0 has yet to be released.</i>
+<strong>Important: Remote Denial Of Service and Information Disclosure
+ Vulnerability</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227">
+ CVE-2010-2227</a>
</p>
+
+ <p>Several flaws in the handling of the 'Transfer-Encoding' header were
+ found that prevented the recycling of a buffer. A remote attacker could
+ trigger this flaw which would cause subsequent requests to fail and/or
+ information to leak between requests. This flaw is mitigated if Tomcat
is
+ behind a reverse proxy (such as Apache httpd 2.2) as the proxy should
+ reject the invalid transfer encoding header.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=958911&view=rev">
+ revision 958911</a>.</p>
+
+ <p>Affects: 7.0.0</p>
+
</blockquote>
</p>
</td>
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
-<table width="100%" cellpadding="2" cellspacing="0" border="0">
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
<td bgcolor="#525D76">
-<font face="arial,helvetica,sanserif" color="#ffffff">
+<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Not a vulnerability in Tomcat">
<!--()-->
</a>
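Review bot: the note "These issues will be fixed in 7.0.1" is plural, but the new section lists exactly one issue, CVE-2010-2227; write "This issue" until a second entry exists. "Fixed in subversion for Apache Tomcat 7.0.1" together with "Affects: 7.0.0" implies 7.0.0 has shipped, which is consistent with dropping the old "Apache Tomcat 7.0.0 has yet to be released" note, so that part is fine. One pre-existing template problem this hunk makes visible: the preceding section is closed with a `</blockquote></p></td></tr>` run and the new section again opens `<p><blockquote>`, yet `<blockquote>` inside `<p>` is not valid under the XHTML 1.0 Strict DOCTYPE the page declares; not introduced here, but worth fixing in the stylesheet that generates these pages.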
@@ -314,7 +366,7 @@
</tr>
<tr>
<td>
-<br />
+<br/>
</td>
</tr>
</table>
@@ -323,17 +375,17 @@
<!--FOOTER SEPARATOR-->
<tr>
<td colspan="2">
-<hr size="1" noshade="" />
+<hr noshade="" size="1"/>
</td>
</tr>
<!--PAGE FOOTER-->
<tr>
<td colspan="2">
<div align="center">
-<font size="-1" color="#525D76">
+<font color="#525D76" size="-1">
<em>
Copyright © 1999-2010, The Apache Software Foundation
- <br />
+ <br/>
"Apache", the Apache feather, and the Apache Tomcat logo are
trademarks of the Apache Software Foundation for our open source
software.
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=962498&r1=962497&r2=962498&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Fri Jul 9 12:14:49 2010
@@ -3,7 +3,7 @@
<properties>
<author>Apache Tomcat Project</author>
- <title>Apache Tomcat 5.x vulnerabilities</title>
+ <title>Apache Tomcat 5 vulnerabilities</title>
</properties>
<body>
@@ -39,17 +39,32 @@
<!--
<section name="Not fixed in Apache Tomcat 5.5.x">
- <p><i>Note: It is expected that this issue will be fixed in 5.5.29 but the
+ <p><i>Note: It is expected that this issue will be fixed in 5.5.31 but the
patch has not yet received the necessary votes to be applied to the
5.5.x
code base.</i></p>
</section>
-->
- <section name="Fixed in subversion for Apache Tomcat 5.5.x">
+ <section name="Fixed in Apache Tomcat 5.5.30">
- <p><i>Note: These issues will be fixed in 5.5.30 but that version has not
- yet been released.</i></p>
+ <p><strong>Important: Remote Denial Of Service and Information Disclosure
+ Vulnerability</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227">
+ CVE-2010-2227</a></p>
+
+ <p>Several flaws in the handling of the 'Transfer-Encoding' header were
+ found that prevented the recycling of a buffer. A remote attacker could
+ trigger this flaw which would cause subsequent requests to fail and/or
+ information to leak between requests. This flaw is mitigated if Tomcat
is
+ behind a reverse proxy (such as Apache httpd 2.2) as the proxy should
+ reject the invalid transfer encoding header.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=959428&view=rev">
+ revision 959428</a>.</p>
+
+ <p>Affects: 5.5.0-5.5.29</p>
<p><strong>Low: Information disclosure in authentication headers</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157">
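Review bot: the mitigation sentence "This flaw is mitigated if Tomcat is behind a reverse proxy (such as Apache httpd 2.2) as the proxy should reject the invalid transfer encoding header" hedges on "should"; the mitigation only holds for a proxy that actually rejects malformed Transfer-Encoding values, so state that condition explicitly and tell readers to verify their proxy's behaviour rather than assume any reverse proxy protects them. Separately, the note bumped from 5.5.29 to 5.5.31 sits inside the `<!-- ... -->` block and never renders; either drop it or add a comment explaining why it is kept.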
@@ -69,6 +84,8 @@
<a href="http://svn.apache.org/viewvc?rev=936541&view=rev">
revision 936541</a>.</p>
+ <p>Affects: 5.5.0-5.5.29</p>
+
</section>
<section name="Fixed in Apache Tomcat 5.5.29">
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=962498&r1=962497&r2=962498&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Fri Jul 9 12:14:49 2010
@@ -3,7 +3,7 @@
<properties>
<author>Apache Tomcat Project</author>
- <title>Apache Tomcat 6.x vulnerabilities</title>
+ <title>Apache Tomcat 6 vulnerabilities</title>
</properties>
<body>
@@ -32,20 +32,30 @@
<section name="Fixed in Apache Tomcat 6.0.28">
- <p><strong>High: Transfer-Encoding denial of service vulnerability</strong>
+ <p><strong>Important: Remote Denial Of Service and Information Disclosure
+ Vulnerability</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227">
CVE-2010-2227</a></p>
- <p>A flaw in the handling of the 'Transfer-Encoding' header was found. A
- remote attacker could trigger this flaw which would cause subsequent
- requests to fail or information to leak between requests. This flaw
- is mitigated if Tomcat is behind a proxy as the proxy should reject
- the invalid transfer encoding header.</p>
-
+ <p>Several flaws in the handling of the 'Transfer-Encoding' header were
+ found that prevented the recycling of a buffer. A remote attacker could
+ trigger this flaw which would cause subsequent requests to fail and/or
+ information to leak between requests. This flaw is mitigated if Tomcat
is
+ behind a reverse proxy (such as Apache httpd 2.2) as the proxy should
+ reject the invalid transfer encoding header.</p>
+
<p>This was fixed in
<a href="http://svn.apache.org/viewvc?rev=958977&view=rev">
revision 958977</a>.</p>
+
+ <p>Affects: 6.0.0-6.0.27</p>
+ <p><i>Note: The issue below was fixed in Apache Tomcat 6.0.27 but the
+ release vote for the 6.0.27 release candidate did not pass. Therefore,
+ although users must download 6.0.28 to obtain a version that includes a
+ fix for this issue, version 6.0.27 is not included in the list of
+ affected versions.</i></p>
+
<p><strong>Low: Information disclosure in authentication headers</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157">
CVE-2010-1157</a></p>
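Review bot: the severity for CVE-2010-2227 drops from "High" to "Important" in the heading with no reason given in the log message; record why (the Tomcat severity scale, or a reassessment) so the downgrade is traceable. Also, the new italic note says 6.0.27 is excluded from the affected list for the issue below because the 6.0.27 release vote did not pass, yet the "Affects: 6.0.0-6.0.27" line just above includes that same never-released version for CVE-2010-2227; pick one convention for unreleased candidates and apply it to both entries.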
@@ -63,6 +73,8 @@
<p>This was fixed in
<a href="http://svn.apache.org/viewvc?rev=936540&view=rev">
revision 936540</a>.</p>
+
+ <p>Affects: 6.0.0-6.0.26</p>
</section>
Modified: tomcat/site/trunk/xdocs/security-7.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=962498&r1=962497&r2=962498&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Fri Jul 9 12:14:49 2010
@@ -3,7 +3,7 @@
<properties>
<author>Apache Tomcat Project</author>
- <title>Apache Tomcat 6.x vulnerabilities</title>
+ <title>Apache Tomcat 7 vulnerabilities</title>
</properties>
<body>
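Review bot: the old title "Apache Tomcat 6.x vulnerabilities" on the Tomcat 7 page looks like this file was copied from security-6.xml; while fixing the title, check the rest of security-7.xml for other inherited 6.x references (version ranges, revision links) that this hunk does not touch.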
@@ -23,8 +23,31 @@
<p>Please send comments or corrections for these vulnerabilities to the
<a href="mailto:[email protected]">Tomcat Security
Team</a>.</p>
+ </section>
+
+ <section name="Fixed in subversion for Apache Tomcat 7.0.1">
+
+ <p><i>Note: These issues will be fixed in 7.0.1 but that version has not
+ yet been released.</i></p>
+
+ <p><strong>Important: Remote Denial Of Service and Information Disclosure
+ Vulnerability</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227">
+ CVE-2010-2227</a></p>
+
+ <p>Several flaws in the handling of the 'Transfer-Encoding' header were
+ found that prevented the recycling of a buffer. A remote attacker could
+ trigger this flaw which would cause subsequent requests to fail and/or
+ information to leak between requests. This flaw is mitigated if Tomcat
is
+ behind a reverse proxy (such as Apache httpd 2.2) as the proxy should
+ reject the invalid transfer encoding header.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=958911&view=rev">
+ revision 958911</a>.</p>
+
+ <p>Affects: 7.0.0</p>
- <p><i>Note: Apache Tomcat 7.0.0 has yet to be released.</i></p>
</section>
<section name="Not a vulnerability in Tomcat">
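Review bot: the text describes "Several flaws" but cites a single fix, revision 958911; confirm that r958911 alone addresses every flaw covered by CVE-2010-2227 on the 7.0.x branch, and list any additional revisions if it does not. The section nesting is right as written: the inserted `</section>` closes the introductory section, and the pre-existing `</section>` now closes the new "Fixed in subversion for Apache Tomcat 7.0.1" section in place of the removed "7.0.0 has yet to be released" note.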