Geronimo
  1. Geronimo
  2. GERONIMO-6402

Import some fixes into Tomcat 7.0.27.1 about Apache Tomcat DIGEST authentication weaknesses and Denial of Service from Tomcat community

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Critical Critical
    • Resolution: Unresolved
    • Affects Version/s: 3.0.0
    • Fix Version/s: None
    • Component/s: Tomcat
    • Security Level: public (Regular issues)
    • Labels:
      None

      Description

      As title

      1. catalina-7.0.27.1.jar
        1.93 MB
        xiezhi
      2. DIGESTForTomcat7.patch
        17 kB
        xiezhi
      3. DoSForTomcat7.patch
        2 kB
        xiezhi

        Activity

        xiezhi created issue -
        Hide
        xiezhi added a comment -

        Have made the patch.

        Show
        xiezhi added a comment - Have made the patch.
        xiezhi made changes -
        Field Original Value New Value
        Attachment securityPatchCVE-2012-2733ForTomcat7.0.27.1(r1350301).patch [ 12552437 ]
        Attachment securityPatchCVE-2012-3439ForTomcat7.0.27.1(r1377807).patch [ 12552438 ]
        Attachment catalina-7.0.27.1.jar [ 12552439 ]
        xiezhi made changes -
        Summary Tomcat fix for security vulnerability CVE-2012-2733 and CVE-2012-3439 Tomcat7.0.27.1 fix for security vulnerability CVE-2012-2733 and CVE-2012-3439
        xiezhi made changes -
        Summary Tomcat7.0.27.1 fix for security vulnerability CVE-2012-2733 and CVE-2012-3439 Import some fixes into Tomcat 7.0.27.1 about Apache Tomcat DIGEST authentication weaknesses and Denial of Service from Tomcat community
        Description Please refer Tomcat security reports
        1.http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.28
        2.http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.30
        As title
        xiezhi made changes -
        Attachment securityPatchCVE-2012-2733ForTomcat7.0.27.1(r1350301).patch [ 12552437 ]
        xiezhi made changes -
        Attachment securityPatchCVE-2012-3439ForTomcat7.0.27.1(r1377807).patch [ 12552438 ]
        xiezhi made changes -
        Attachment DoSForTomcat7.patch [ 12552596 ]
        Attachment DIGESTForTomcat7.patch [ 12552597 ]
        xiezhi made changes -
        Attachment DIGESTForTomcat7.patch [ 12552597 ]
        xiezhi made changes -
        Attachment DIGESTForTomcat7.patch [ 12552604 ]
        Hide
        xiezhi added a comment -

        These patches could apply to Tomcat 7.0.27.2 (in http://svn.apache.org/repos/asf/geronimo/external/trunk/tomcat-parent-7.0.27) too.

        Show
        xiezhi added a comment - These patches could apply to Tomcat 7.0.27.2 (in http://svn.apache.org/repos/asf/geronimo/external/trunk/tomcat-parent-7.0.27 ) too.

          People

          • Assignee:
            Unassigned
            Reporter:
            xiezhi
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:

              Development