[tomcat8] 01/01: Fixed CVE-2017-5664: Static error pages can be overwritten if the DefaultServlet is configured to permit writes (Closes: #864447)
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Wed Jun 21 11:37:54 UTC 2017
ebourg-guest pushed a commit to branch stretch
in repository tomcat8.
commit b8a566435d0f49d29acfea3654cda356977372c1
Author: Emmanuel Bourg <ebourg at apache.org>
Date: Thu Jun 8 22:34:36 2017 +0200
Fixed CVE-2017-5664: Static error pages can be overwritten if the DefaultServlet is configured to permit writes (Closes: #864447)
---
debian/changelog | 8 ++++++
debian/patches/CVE-2017-5664.patch | 56 ++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 65 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 363623d..49649e0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+tomcat8 (8.5.14-1+deb9u1) stretch-security; urgency=high
+
+ * Team upload.
+ * Fixed CVE-2017-5664: Static error pages can be overwritten if the
+ DefaultServlet is configured to permit writes (Closes: #864447)
+
+ -- Emmanuel Bourg <ebourg at apache.org> Wed, 21 Jun 2017 13:36:46 +0200
+
tomcat8 (8.5.14-1) unstable; urgency=medium
* Team upload.
diff --git a/debian/patches/CVE-2017-5664.patch b/debian/patches/CVE-2017-5664.patch
new file mode 100644
index 0000000..44476c9
--- /dev/null
+++ b/debian/patches/CVE-2017-5664.patch
@@ -0,0 +1,56 @@
+Description: CVE-2017-5664: Static error pages can be overwritten
+ if the DefaultServlet is configured to permit writes.
+Origin: backport, https://svn.apache.org/r1793469
+ https://svn.apache.org/r1793488
+--- a/java/org/apache/catalina/servlets/DefaultServlet.java
++++ b/java/org/apache/catalina/servlets/DefaultServlet.java
+@@ -407,6 +407,18 @@
+ }
+
+
++ @Override
++ protected void service(HttpServletRequest req, HttpServletResponse resp)
++ throws ServletException, IOException {
++
++ if (req.getDispatcherType() == DispatcherType.ERROR) {
++ doGet(req, resp);
++ } else {
++ super.service(req, resp);
++ }
++ }
++
++
+ /**
+ * Process a GET request for the specified resource.
+ *
+@@ -794,7 +806,7 @@
+ return;
+ }
+
+- boolean isError = response.getStatus() >= HttpServletResponse.SC_BAD_REQUEST;
++ boolean isError = DispatcherType.ERROR == request.getDispatcherType();
+
+ boolean included = false;
+ // Check if the conditions specified in the optional If headers are
+--- a/java/org/apache/catalina/servlets/WebdavServlet.java
++++ b/java/org/apache/catalina/servlets/WebdavServlet.java
+@@ -30,6 +30,7 @@
+ import java.util.TimeZone;
+ import java.util.Vector;
+
++import javax.servlet.DispatcherType;
+ import javax.servlet.RequestDispatcher;
+ import javax.servlet.ServletContext;
+ import javax.servlet.ServletException;
+@@ -315,6 +316,11 @@
+ return;
+ }
+
++ if (req.getDispatcherType() == DispatcherType.ERROR) {
++ doGet(req, resp);
++ return;
++ }
++
+ final String method = req.getMethod();
+
+ if (debug > 0) {
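Review bot: The new `service` override in DefaultServlet.java and the changed `isError` line both reference `DispatcherType`, yet only the WebdavServlet.java part of the nested patch adds `import javax.servlet.DispatcherType;`; presumably DefaultServlet.java already imports it in 8.5.14, but the nested patch shows no context proving that, so confirm it against the build. The override also carries no comment stating the invariant it enforces; a line such as `// ERROR dispatches are always handled by doGet so an error page served by a write-enabled DefaultServlet cannot be reached through doPut/doDelete` above the `@Override` would make the intent clear to the next maintainer, and the same one-line comment fits the guard added before `final String method = req.getMethod();` in WebdavServlet. The enclosing `service` method in the WebdavServlet hunk starts outside the hunk.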
diff --git a/debian/patches/series b/debian/patches/series
index 1b36989..fe0ccae 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@
0018-fix-manager-webapp.patch
0019-add-distribution-to-error-page.patch
0021-dont-test-unsupported-ciphers.patch
+CVE-2017-5664.patch