lp:ubuntu/lucid-security/tomcat6

Created by James Westby on 2010-08-25 and last modified on 2014-07-24
Get this branch:
bzr branch lp:ubuntu/lucid-security/tomcat6
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

29. By Marc Deslauriers on 2014-07-24

* SECURITY UPDATE: denial of service via malformed chunk size
  - debian/patches/CVE-2014-0075.patch: fix overflow in
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java.
  - CVE-2014-0075
* SECURITY UPDATE: file disclosure via XXE issue
  - debian/patches/CVE-2014-0096.patch: change globalXsltFile to be a
    relative path in conf/web.xml,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/catalina/servlets/LocalStrings.properties,
    webapps/docs/default-servlet.xml.
  - CVE-2014-0096
* SECURITY UPDATE: HTTP request smuggling attack via crafted
  Content-Length HTTP header
  - debian/patches/CVE-2014-0099.patch: correctly handle long values in
    java/org/apache/tomcat/util/buf/Ascii.java.
  - CVE-2014-0099

28. By Marc Deslauriers on 2014-03-05

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java,
    java/org/apache/coyote/ajp/AjpProcessor.java, handle content length
    and chunked encoding being both specified in
    java/org/apache/coyote/http11/Http11AprProcessor.java,
    java/org/apache/coyote/http11/Http11NioProcessor.java,
    java/org/apache/coyote/http11/Http11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: limit length of extension data in
    java/org/apache/coyote/Constants.java,
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    webapps/docs/config/systemprops.xml.
  - CVE-2013-4322

27. By Marc Deslauriers on 2013-05-21

* SECURITY UPDATE: denial of service via chunked transfer encoding
  - debian/patches/CVE-2012-3544.patch: properly parse CRLF in requests
    in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java.
  - CVE-2012-3544
* SECURITY UPDATE: FORM authentication request injection
  - debian/patches/CVE-2013-2067.patch: properly change session ID
    in java/org/apache/catalina/authenticator/FormAuthenticator.java.
  - CVE-2013-2067

26. By Marc Deslauriers on 2013-01-10

* SECURITY UPDATE: security-constraint bypass with FORM auth
  - debian/patches/CVE-2012-3546.patch: remove unneeded code in
    java/org/apache/catalina/realm/RealmBase.java.
  - CVE-2012-3546
* SECURITY UPDATE: denial of service with NIO connector
  - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
    in java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2012-4534

25. By Marc Deslauriers on 2012-11-21

* SECURITY UPDATE: denial of service via large header data
  - debian/patches/0012-CVE-2012-2733.patch: improve size logic in
    java/org/apache/coyote/http11/InternalNioInputBuffer.java.
  - CVE-2012-2733
* SECURITY UPDATE: multiple HTTP Digest Access Authentication flaws
  - debian/patches/0013-CVE-2012-588x.patch: disable caching of an
    authenticated user in the session by default, track server rather
    than client nonces, better handling of stale nonce values in
    java/org/apache/catalina/authenticator/DigestAuthenticator.java.
  - CVE-2012-3439
  - CVE-2012-5885
  - CVE-2012-5886
  - CVE-2012-5887

24. By Marc Deslauriers on 2012-01-25

* SECURITY UPDATE: denial of service via hash collision and incorrect
  handling of large numbers of parameters and parameter values
  (LP: #909828)
  - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
    code in conf/web.xml,
    java/org/apache/catalina/connector/Connector.java,
    java/org/apache/catalina/connector/mbeans-descriptors.xml,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/filters/FailedRequestFilter.java,
    java/org/apache/catalina/Globals.java,
    java/org/apache/coyote/Request.java,
    java/org/apache/tomcat/util/buf/B2CConverter.java,
    java/org/apache/tomcat/util/buf/ByteChunk.java,
    java/org/apache/tomcat/util/buf/MessageBytes.java,
    java/org/apache/tomcat/util/buf/StringCache.java,
    java/org/apache/tomcat/util/http/LocalStrings.properties,
    java/org/apache/tomcat/util/http/Parameters.java,
    webapps/docs/config/ajp.xml,
    webapps/docs/config/http.xml.
  - CVE-2011-4858
  - CVE-2012-0022

23. By Marc Deslauriers on 2011-09-26

* SECURITY UPDATE: information disclosure via log file
  - debian/patches/0015-CVE-2011-2204.patch: fix logging in
    java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java,
    java/org/apache/catalina/users/MemoryUserDatabase.java,
    java/org/apache/catalina/users/MemoryUser.java.
  - CVE-2011-2204
* SECURITY UPDATE: file restriction bypass or denial of service via
  untrusted web application.
  - debian/patches/0016-CVE-2011-2526.patch: check canonical name in
    java/org/apache/catalina/connector/LocalStrings.properties,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/coyote/http11/Http11AprProcessor.java,
    java/org/apache/coyote/http11/LocalStrings.properties,
    java/org/apache/tomcat/util/net/AprEndpoint.java,
    java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2011-2526
* SECURITY UPDATE: AJP request spoofing and authentication bypass
  (LP: #843701)
  - debian/patches/0017-CVE-2011-3190.patch: Properly handle request
    bodies in java/org/apache/coyote/ajp/AjpAprProcessor.java,
    java/org/apache/coyote/ajp/AjpProcessor.java.
  - CVE-2011-3190
* SECURITY UPDATE: HTTP DIGEST authentication weaknesses
  - debian/patches/0018-CVE-2011-1184.patch: add new nonce options in
    java/org/apache/catalina/authenticator/DigestAuthenticator.java,
    java/org/apache/catalina/authenticator/LocalStrings.properties,
    java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
    java/org/apache/catalina/realm/RealmBase.java,
    webapps/docs/config/valve.xml.
  - CVE-2011-1184

22. By Marc Deslauriers on 2011-03-24

* SECURITY UPDATE: directory traversal via incorrect ServetContext
  attribute (LP: #717396)
  - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
    java/org/apache/catalina/core/StandardContext.java.
  - CVE-2010-3718
* SECURITY UPDATE: cross-site scripting in HTML Manager interface
  - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
    java/org/apache/catalina/manager/{HTMLManagerServlet.java,
    StatusTransformer.java}.
  - CVE-2011-0013
* SECURITY UPDATE: denial of service via NIOS HTTP connector
  (LP: #714239, LP: #717396)
  - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
    java/org/apache/coyote/http11/InternalNioInputBuffer.java.
  - CVE-2011-0534

21. By Marc Deslauriers on 2011-01-13

* SECURITY UPDATE: cross-site scripting in Manager application
  - debian/patches/0011-CVE-2010-4172.patch: add proper escaping to
    java/org/apache/catalina/manager/JspHelper.java,
    webapps/manager/{sessionDetail,sessionsList}.jsp.
  - patch backported from Debian 6.0.28-9 package
  - CVE-2010-4172

20. By Marc Deslauriers on 2010-08-19

* SECURITY UPDATE: denial of service and possible information disclosure
  via crafted header
  - debian/patches/CVE-2010-2227.patch: fix filter logic in
    java/org/apache/coyote/http11/{Http11AprProcessor,Http11NioProcessor,
    Http11Processor,filters/BufferedInputFilter}.java.
  - CVE-2010-2227

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/maverick/tomcat6
This branch contains Public information 
Everyone can see this information.

Subscribers