Author: markt
Date: Tue Dec 4 19:48:32 2012
New Revision: 1417137
URL: http://svn.apache.org/viewvc?rev=1417137&view=rev
Log:
Publish vulnerability info
Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/xdocs/security-6.xml
tomcat/site/trunk/xdocs/security-7.xml
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1417137&r1=1417136&r2=1417137&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Tue Dec 4 19:48:32 2012
@@ -389,6 +389,77 @@
<p>Affects: 6.0.0-6.0.35</p>
+
+<p>
+<strong>Important: Bypass of security constraints</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546"
rel="nofollow">CVE-2012-3546</a>
+</p>
+
+
+<p>When using FORM authentication it was possible to bypass the security
+ constraint checks in the FORM authenticator by appending
+ <code>/j_security_check</code> to the end of the URL if some other
+ component (such as the Single-Sign-On valve) had called
+ <code>request.setUserPrincipal()</code> before the call to
+ <code>FormAuthenticator#authenticate()</code>.
+ </p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1381035">1381035</a>.</p>
+
+
+<p>This issue was identified by the Tomcat security team on 13 July 2012 and
+ made public on 4 December 2012.</p>
+
+
+<p>Affects: 6.0.0-6.0.36</p>
+
+
+<p>
+<strong>Important: Bypass of CSRF prevention filter</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431"
rel="nofollow">CVE-2012-4431</a>
+</p>
+
+
+<p>The CSRF prevention filter could be bypassed if a request was made to a
+ protected resource without a session identifier present in the request.
+ </p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1394456">1394456</a>.</p>
+
+
+<p>This issue was identified by the Tomcat security team on 8 September 2012
+ and made public on 4 December 2012.</p>
+
+
+<p>Affects: 6.0.0-6.0.36</p>
+
+
+<p>
+<strong>Important: Denial of service</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534"
rel="nofollow">CVE-2012-4534</a>
+</p>
+
+
+<p>When using the NIO connector with sendfile and HTTPS enabled, if a client
+ breaks the connection while reading the response an infinite loop is
+ entered leading to a denial of service. This was originally reported as
+ <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=52858">bug
+ 52858</a>.
+ </p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1372035">1372035</a>.</p>
+
+
+<p>The security implications of this bug were reported to the Tomcat
+ security team by Arun Neelicattu of the Red Hat Security Response Team
on
+ 3 October 2012 and made public on 4 December 2012.</p>
+
+
+<p>Affects: 6.0.0-6.0.35</p>
+
</blockquote>
</p>
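Review bot: The upper bound in "Affects: 6.0.0-6.0.36" on the CVE-2012-3546 and CVE-2012-4431 entries does not match the rest of this block, where the context entry above and the new CVE-2012-4534 entry both end at 6.0.35. If all of these were fixed in the same release, the two ranges should read 6.0.0-6.0.35; if the fixes shipped later, the entries belong under that later release instead. This commit puts the same text in xdocs/security-6.xml, so whichever is right needs to change in both files.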
Modified: tomcat/site/trunk/docs/security-7.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1417137&r1=1417136&r2=1417137&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Tue Dec 4 19:48:32 2012
@@ -368,6 +368,52 @@
<p>Affects: 7.0.0-7.0.29</p>
+
+<p>
+<strong>Important: Bypass of security constraints</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546"
rel="nofollow">CVE-2012-3546</a>
+</p>
+
+
+<p>When using FORM authentication it was possible to bypass the security
+ constraint checks in the FORM authenticator by appending
+ <code>/j_security_check</code> to the end of the URL if some other
+ component (such as the Single-Sign-On valve) had called
+ <code>request.setUserPrincipal()</code> before the call to
+ <code>FormAuthenticator#authenticate()</code>.
+ </p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1377892">1377892</a>.</p>
+
+
+<p>This issue was identified by the Tomcat security team on 13 July 2012 and
+ made public on 4 December 2012.</p>
+
+
+<p>Affects: 7.0.0-7.0.29</p>
+
+
+<p>
+<strong>Important: Bypass of CSRF prevention filter</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431"
rel="nofollow">CVE-2012-4431</a>
+</p>
+
+
+<p>The CSRF prevention filter could be bypassed if a request was made to a
+ protected resource without a session identifier present in the request.
+ </p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1393088">1393088</a>.</p>
+
+
+<p>This issue was identified by the Tomcat security team on 8 September 2012
+ and made public on 4 December 2012.</p>
+
+
+<p>Affects: 7.0.0-7.0.31</p>
+
</blockquote>
</p>
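Review bot: The CVE-2012-4431 entry says "Affects: 7.0.0-7.0.31" but sits in the same block as the context entry and CVE-2012-3546, which both end at 7.0.29. A range that extends past its neighbours suggests this fix shipped in a later release than the rest of the block, so a reader using the block to find the fixed version will get the wrong answer for one of them. Move the CSRF entry under the release that actually contains revision 1393088, or correct the range if 7.0.31 is a typo.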
@@ -412,6 +458,31 @@
<p>Affects: 7.0.0-7.0.27</p>
+
+<p>
+<strong>Important: Denial of service</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534"
rel="nofollow">CVE-2012-4534</a>
+</p>
+
+
+<p>When using the NIO connector with sendfile and HTTPS enabled, if a client
+ breaks the connection while reading the response an infinite loop is
+ entered leading to a denial of service. This was originally reported as
+ <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=52858">bug
+ 52858</a>.
+ </p>
+
+
+<p>This was fixed in revision <a
href="http://svn.apache.org/viewvc?view=rev&rev=1340218">1340218</a>.</p>
+
+
+<p>The security implications of this bug were reported to the Tomcat
+ security team by Arun Neelicattu of the Red Hat Security Response Team
on
+ 3 October 2012 and made public on 4 December 2012.</p>
+
+
+<p>Affects: 7.0.0-7.0.27</p>
+
</blockquote>
</p>
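Review bot: The description in the CVE-2012-4534 paragraph is in the present tense ("an infinite loop is entered"), which on a page of fixed issues reads as if the behaviour is still current. The other entries in this commit use the past tense ("it was possible", "could be bypassed"); suggest "if a client broke the connection while reading the response an infinite loop was entered" for consistency.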
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1417137&r1=1417136&r2=1417137&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Tue Dec 4 19:48:32 2012
@@ -93,6 +93,56 @@
<p>Affects: 6.0.0-6.0.35</p>
+ <p><strong>Important: Bypass of security constraints</strong>
+ <cve>CVE-2012-3546</cve></p>
+
+ <p>When using FORM authentication it was possible to bypass the security
+ constraint checks in the FORM authenticator by appending
+ <code>/j_security_check</code> to the end of the URL if some other
+ component (such as the Single-Sign-On valve) had called
+ <code>request.setUserPrincipal()</code> before the call to
+ <code>FormAuthenticator#authenticate()</code>.
+ </p>
+
+ <p>This was fixed in revision <revlink rev="1381035">1381035</revlink>.</p>
+
+ <p>This issue was identified by the Tomcat security team on 13 July 2012
and
+ made public on 4 December 2012.</p>
+
+ <p>Affects: 6.0.0-6.0.36</p>
+
+ <p><strong>Important: Bypass of CSRF prevention filter</strong>
+ <cve>CVE-2012-4431</cve></p>
+
+ <p>The CSRF prevention filter could be bypassed if a request was made to a
+ protected resource without a session identifier present in the request.
+ </p>
+
+ <p>This was fixed in revision <revlink rev="1394456">1394456</revlink>.</p>
+
+ <p>This issue was identified by the Tomcat security team on 8 September
2012
+ and made public on 4 December 2012.</p>
+
+ <p>Affects: 6.0.0-6.0.36</p>
+
+ <p><strong>Important: Denial of service</strong>
+ <cve>CVE-2012-4534</cve></p>
+
+ <p>When using the NIO connector with sendfile and HTTPS enabled, if a
client
+ breaks the connection while reading the response an infinite loop is
+ entered leading to a denial of service. This was originally reported as
+ <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=52858">bug
+ 52858</a>.
+ </p>
+
+ <p>This was fixed in revision <revlink rev="1372035">1372035</revlink>.</p>
+
+ <p>The security implications of this bug were reported to the Tomcat
+ security team by Arun Neelicattu of the Red Hat Security Response Team
on
+ 3 October 2012 and made public on 4 December 2012.</p>
+
+ <p>Affects: 6.0.0-6.0.35</p>
+
</section>
<section name="Fixed in Apache Tomcat 6.0.35" rtext="released 5 Dec 2011">
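Review bot: "Affects: 6.0.0-6.0.36" on the CVE-2012-3546 and CVE-2012-4431 entries looks inconsistent with where they are inserted, at the end of the section directly above "Fixed in Apache Tomcat 6.0.35" and next to entries whose range ends at 6.0.35. If that section documents 6.0.36, a range that includes 6.0.36 says the release is still vulnerable to what the page lists as fixed in it. Please check revisions 1381035 and 1394456 against the release and either change both ranges to 6.0.0-6.0.35 or move the entries.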
Modified: tomcat/site/trunk/xdocs/security-7.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1417137&r1=1417136&r2=1417137&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Tue Dec 4 19:48:32 2012
@@ -78,6 +78,38 @@
<p>Affects: 7.0.0-7.0.29</p>
+ <p><strong>Important: Bypass of security constraints</strong>
+ <cve>CVE-2012-3546</cve></p>
+
+ <p>When using FORM authentication it was possible to bypass the security
+ constraint checks in the FORM authenticator by appending
+ <code>/j_security_check</code> to the end of the URL if some other
+ component (such as the Single-Sign-On valve) had called
+ <code>request.setUserPrincipal()</code> before the call to
+ <code>FormAuthenticator#authenticate()</code>.
+ </p>
+
+ <p>This was fixed in revision <revlink rev="1377892">1377892</revlink>.</p>
+
+ <p>This issue was identified by the Tomcat security team on 13 July 2012
and
+ made public on 4 December 2012.</p>
+
+ <p>Affects: 7.0.0-7.0.29</p>
+
+ <p><strong>Important: Bypass of CSRF prevention filter</strong>
+ <cve>CVE-2012-4431</cve></p>
+
+ <p>The CSRF prevention filter could be bypassed if a request was made to a
+ protected resource without a session identifier present in the request.
+ </p>
+
+ <p>This was fixed in revision <revlink rev="1393088">1393088</revlink>.</p>
+
+ <p>This issue was identified by the Tomcat security team on 8 September
2012
+ and made public on 4 December 2012.</p>
+
+ <p>Affects: 7.0.0-7.0.31</p>
+
</section>
<section name="Fixed in Apache Tomcat 7.0.28" rtext="released 19 Jun 2012">
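Review bot: The CVE-2012-4431 entry ("Affects: 7.0.0-7.0.31") is added to the section that closes just above "Fixed in Apache Tomcat 7.0.28", together with entries affecting 7.0.0-7.0.29. One section cannot be the fix release for both ranges, so the CSRF entry either needs a section of its own for the release that contains revision 1393088, or its range needs correcting.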
@@ -98,6 +130,24 @@
<p>Affects: 7.0.0-7.0.27</p>
+ <p><strong>Important: Denial of service</strong>
+ <cve>CVE-2012-4534</cve></p>
+
+ <p>When using the NIO connector with sendfile and HTTPS enabled, if a
client
+ breaks the connection while reading the response an infinite loop is
+ entered leading to a denial of service. This was originally reported as
+ <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=52858">bug
+ 52858</a>.
+ </p>
+
+ <p>This was fixed in revision <revlink rev="1340218">1340218</revlink>.</p>
+
+ <p>The security implications of this bug were reported to the Tomcat
+ security team by Arun Neelicattu of the Red Hat Security Response Team
on
+ 3 October 2012 and made public on 4 December 2012.</p>
+
+ <p>Affects: 7.0.0-7.0.27</p>
+
</section>
<section name="Fixed in Apache Tomcat 7.0.23" rtext="released 25 Nov 2011">
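Review bot: The Bugzilla reference in the CVE-2012-4534 paragraph is a hard-coded link to https://issues.apache.org/bugzilla/show_bug.cgi?id=52858, while the CVE id and the fix revision in the same entry go through the cve and revlink elements. If the site stylesheet has an equivalent element for bug numbers, use it here so the URL is generated in one place; if it does not, the raw link is fine as is.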