lp:ubuntu/lucid-updates/tomcat6
- Get this branch: bzr branch lp:ubuntu/lucid-updates/tomcat6
Recent revisions
- 29. By Marc Deslauriers

  * SECURITY UPDATE: denial of service via malformed chunk size
    - debian/patches/CVE-2014-0075.patch: fix overflow in
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java.
    - CVE-2014-0075
  * SECURITY UPDATE: file disclosure via XXE issue
    - debian/patches/CVE-2014-0096.patch: change globalXsltFile to be a
      relative path in conf/web.xml,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/LocalStrings.properties,
      webapps/docs/default-servlet.xml.
    - CVE-2014-0096
  * SECURITY UPDATE: HTTP request smuggling attack via crafted
    Content-Length HTTP header
    - debian/patches/CVE-2014-0099.patch: correctly handle long values in
      java/org/apache/tomcat/util/buf/Ascii.java.
    - CVE-2014-0099

- 28. By Marc Deslauriers
  * SECURITY UPDATE: request smuggling attack via content-length headers
    - debian/patches/CVE-2013-4286.patch: handle multiple content lengths
      in java/org/apache/coyote/ajp/AbstractAjpProcessor.java,
      java/org/apache/coyote/ajp/AjpProcessor.java, handle content length
      and chunked encoding being both specified in
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/coyote/http11/Http11Processor.java.
    - CVE-2013-4286
  * SECURITY UPDATE: denial of service via chunked transfer coding
    - debian/patches/CVE-2013-4322.patch: limit length of extension data in
      java/org/apache/coyote/Constants.java,
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
      webapps/docs/config/systemprops.xml.
    - CVE-2013-4322

- 27. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via chunked transfer encoding
    - debian/patches/CVE-2012-3544.patch: properly parse CRLF in requests
      in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java.
    - CVE-2012-3544
  * SECURITY UPDATE: FORM authentication request injection
    - debian/patches/CVE-2013-2067.patch: properly change session ID
      in java/org/apache/catalina/authenticator/FormAuthenticator.java.
    - CVE-2013-2067

- 26. By Marc Deslauriers
  * SECURITY UPDATE: security-constraint bypass with FORM auth
    - debian/patches/CVE-2012-3546.patch: remove unneeded code in
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2012-3546
  * SECURITY UPDATE: denial of service with NIO connector
    - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
      in java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2012-4534

- 25. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via large header data
    - debian/patches/0012-CVE-2012-2733.patch: improve size logic in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2012-2733
  * SECURITY UPDATE: multiple HTTP Digest Access Authentication flaws
    - debian/patches/0013-CVE-2012-588x.patch: disable caching of an
      authenticated user in the session by default, track server rather
      than client nonces, better handling of stale nonce values in
      java/org/apache/catalina/authenticator/DigestAuthenticator.java.
    - CVE-2012-3439
    - CVE-2012-5885
    - CVE-2012-5886
    - CVE-2012-5887

- 24. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

- 23. By Marc Deslauriers
  * SECURITY UPDATE: information disclosure via log file
    - debian/patches/0015-CVE-2011-2204.patch: fix logging in
      java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java,
      java/org/apache/catalina/users/MemoryUserDatabase.java,
      java/org/apache/catalina/users/MemoryUser.java.
    - CVE-2011-2204
  * SECURITY UPDATE: file restriction bypass or denial of service via
    untrusted web application.
    - debian/patches/0016-CVE-2011-2526.patch: check canonical name in
      java/org/apache/catalina/connector/LocalStrings.properties,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2011-2526
  * SECURITY UPDATE: AJP request spoofing and authentication bypass
    (LP: #843701)
    - debian/patches/0017-CVE-2011-3190.patch: Properly handle request
      bodies in java/org/apache/coyote/ajp/AjpAprProcessor.java,
      java/org/apache/coyote/ajp/AjpProcessor.java.
    - CVE-2011-3190
  * SECURITY UPDATE: HTTP DIGEST authentication weaknesses
    - debian/patches/0018-CVE-2011-1184.patch: add new nonce options in
      java/org/apache/catalina/authenticator/DigestAuthenticator.java,
      java/org/apache/catalina/authenticator/LocalStrings.properties,
      java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
      java/org/apache/catalina/realm/RealmBase.java,
      webapps/docs/config/valve.xml.
    - CVE-2011-1184

- 22. By Marc Deslauriers
  * SECURITY UPDATE: directory traversal via incorrect ServletContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIO HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534

- 21. By Marc Deslauriers
  * SECURITY UPDATE: cross-site scripting in Manager application
    - debian/patches/0011-CVE-2010-4172.patch: add proper escaping to
      java/org/apache/catalina/manager/JspHelper.java,
      webapps/manager/{sessionDetail,sessionsList}.jsp.
    - patch backported from Debian 6.0.28-9 package
    - CVE-2010-4172

- 20. By Marc Deslauriers
  * SECURITY UPDATE: denial of service and possible information disclosure
    via crafted header
    - debian/patches/CVE-2010-2227.patch: fix filter logic in
      java/org/apache/coyote/http11/{Http11AprProcessor,Http11NioProcessor,
      Http11Processor,filters/BufferedInputFilter}.java.
    - CVE-2010-2227
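Several of the revisions above (29, 28 and 27) patch the same part of Tomcat: how the HTTP/1.1 connector decides where a request body ends. The chunk-size overflow, the Content-Length value that Ascii.java parsed without overflow detection, Content-Length and chunked encoding both being specified, multiple Content-Length headers, unbounded chunk-extension data, and sloppy CRLF parsing are all request-framing checks. The following is an added example, not Tomcat's code and not any of the patches listed on this page: a small stand-alone framing parser, written in Python rather than Java because it mirrors no Tomcat API, that applies the whole set of checks in one place. The limits (MAX_CONTENT_LENGTH, MAX_CHUNK_SIZE, MAX_EXTENSION_BYTES), the function names and the error messages are assumptions chosen for the example, not Tomcat's configuration or defaults.

```python
# Limits are assumptions chosen for this example, not Tomcat's configured defaults.
MAX_CONTENT_LENGTH = 2**63 - 1   # what a signed 64-bit length counter can hold
MAX_CHUNK_SIZE = 2**31 - 1       # largest single chunk we are willing to buffer
MAX_EXTENSION_BYTES = 8192       # cumulative chunk-extension budget per request
CRLF = b"\r\n"

class FramingError(ValueError):
    """Any request that should get a 400 and have its connection closed."""

def parse_headers(raw):
    """Split a raw request into (lower-cased header multimap, body bytes)."""
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise FramingError("header block not terminated by an empty line")
    headers = {}                               # duplicates stay separate for frame_body()
    for line in head.split(CRLF)[1:]:          # element 0 is the request line
        name, colon, value = line.partition(b":")
        if (not colon or not name or not name.isascii() or name.strip() != name
                or b"\r" in line or b"\n" in line):   # bare CR/LF or space before ':'
            raise FramingError(f"malformed header line {line!r}")
        headers.setdefault(name.decode().lower(), []).append(value.strip().decode("latin-1"))
    return headers, body

def parse_content_length(value):
    """ASCII digits only, bounded so a huge value cannot wrap into a small one."""
    if not (value.isascii() and value.isdigit()) or int(value) > MAX_CONTENT_LENGTH:
        raise FramingError(f"invalid or overflowing Content-Length {value!r}")
    return int(value)

def _read_line(data, pos):
    """Return (line without CRLF, offset past the CRLF); a bare CR or LF is an error."""
    end = data.find(CRLF, pos)
    if end < 0 or b"\r" in data[pos:end] or b"\n" in data[pos:end]:
        raise FramingError("line not terminated by CRLF, or stray CR/LF inside it")
    return data[pos:end], end + 2

def _parse_chunk_size(line, ext_budget):
    """Parse 'HEXDIGITS[;extension]' and return (size, remaining extension budget)."""
    digits, semi, extension = line.partition(b";")
    if not digits or any(c not in b"0123456789abcdefABCDEF" for c in digits):
        raise FramingError(f"invalid chunk-size line {line!r}")
    size = 0
    for c in digits:
        size = (size << 4) | int(chr(c), 16)
        if size > MAX_CHUNK_SIZE:    # checked per digit, where a fixed-width accumulator would wrap
            raise FramingError("chunk-size overflow")
    if semi:                          # the budget is cumulative over the whole body
        ext_budget -= len(extension) + 1
        if ext_budget < 0:
            raise FramingError("chunk extensions exceed budget")
    return size, ext_budget

def decode_chunked(data):
    """Decode a chunked body; return (body, bytes left over for the next request)."""
    out, pos, ext_budget = bytearray(), 0, MAX_EXTENSION_BYTES
    while True:
        line, pos = _read_line(data, pos)
        size, ext_budget = _parse_chunk_size(line, ext_budget)
        if size == 0:
            break
        if len(data) - pos < size + 2:
            raise FramingError("truncated chunk")
        out += data[pos:pos + size]
        pos += size
        if data[pos:pos + 2] != CRLF:
            raise FramingError("chunk data not followed by CRLF")
        pos += 2
    while True:                       # skip trailers; the section ends with an empty line
        line, pos = _read_line(data, pos)
        if not line:
            return bytes(out), data[pos:]

def frame_body(headers, body):
    """Apply the header rules and return (body, leftover bytes for the next request)."""
    te = headers.get("transfer-encoding", [])
    cl = headers.get("content-length", [])
    if (te and cl) or len(cl) > 1:   # two sources of truth for the length: never guess
        raise FramingError("conflicting or duplicate length headers")
    if te:
        if len(te) != 1 or te[0].lower() != "chunked":
            raise FramingError(f"unsupported Transfer-Encoding {te!r}")
        return decode_chunked(body)
    if cl:
        length = parse_content_length(cl[0])
        if len(body) < length:
            raise FramingError("body shorter than Content-Length")
        return body[:length], body[length:]
    return b"", body

def parse_request(raw):
    """One raw request -> ('ok', body, leftover) or ('reject', reason, b'')."""
    try:
        headers, rest = parse_headers(raw)
        body, leftover = frame_body(headers, rest)
        return ("ok", body, leftover)
    except FramingError as exc:
        return ("reject", str(exc), b"")
```

The design choice throughout is to reject rather than repair: a request carrying both Content-Length and Transfer-Encoding, or two Content-Length headers (even identical ones), is refused outright, which is the stricter of the behaviours RFC 7230 permits and removes any chance that a front-end proxy and this parser settle on different body boundaries. The chunk-size bound is checked after every hex digit, mirroring where a fixed-width accumulator in Java would wrap, and the extension budget is spent across the whole body rather than per chunk, so an attacker cannot stream unbounded extension bytes by splitting them over many chunks. Feed parse_request a captured raw request (bytes, CRLF line endings) and it returns either the framed body plus any pipelined leftover, or the reason it should be answered with 400.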
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/maverick/tomcat6