Fix CVE-2007-5461.
author    markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
          Thu, 18 Oct 2007 11:44:53 +0000 (11:44 +0000)
committer markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
          Thu, 18 Oct 2007 11:44:53 +0000 (11:44 +0000)
git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk@585934 13f79535-47bb-0310-9956-ffa450edef68

STATUS
java/org/apache/catalina/servlets/WebdavServlet.java
webapps/docs/changelog.xml

diff --git a/STATUS b/STATUS
index b666623..0b769eb 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -42,11 +42,6 @@ PATCHES PROPOSED TO BACKPORT:
   +1: fhanik,funkman
   -1: 
   
-* Fix important vulnerability when webdav is enabled for write
-  Patch: http://marc.info/?l=tomcat-dev&m=119245116910632&w=2
-  +1: markt, funkman, remm, fhanik
-  -1: 
-
 * Fix for JDT update: update jdt.jar in build.properties.default to:
   jdt.jar=${jdt.lib}/org.eclipse.jdt.core_3.3.1.v_780_R33x.jar
   +1: remm, fhanik,funkman, pero
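Review bot: The removed proposal's summary ("when webdav is enabled for write") describes the issue more narrowly than the accompanying code change, which is applied to the servlet's shared DocumentBuilderFactory and therefore takes effect whenever the servlet parses an XML request body, not only when write access is enabled. Dropping the entry once the backport is committed is the normal STATUS workflow, but the marc.info link to the original patch discussion goes with it, so carrying that URL (alongside the CVE id) in the commit message would keep the audit trail intact.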
index 88312fc..521c646 100644 (file)
@@ -243,6 +243,7 @@ public class WebdavServlet
         try {
             documentBuilderFactory = DocumentBuilderFactory.newInstance();
             documentBuilderFactory.setNamespaceAware(true);
+            documentBuilderFactory.setExpandEntityReferences(false);
             documentBuilder = documentBuilderFactory.newDocumentBuilder();
         } catch(ParserConfigurationException e) {
             throw new ServletException
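Review bot: setExpandEntityReferences(false) on its own is a weak mitigation for this class of problem: in the Xerces-based JAXP implementation it only controls whether entity reference nodes are expanded in the resulting DOM, and the parser can still fetch and process external general and parameter entities declared in a DTD while reading the document. To make the fix robust, also set the feature `http://apache.org/xml/features/disallow-doctype-decl` to true on documentBuilderFactory (or, if a DOCTYPE must be tolerated, set `http://xml.org/sax/features/external-general-entities` and `http://xml.org/sax/features/external-parameter-entities` to false and install an EntityResolver on documentBuilder that returns an empty InputSource). A one-line comment citing CVE-2007-5461 beside the new call would also keep a later cleanup from removing what looks like a no-op setting.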
index fc39388..0f8578b 100644 (file)
         Fix WebDAV Servlet so it works correctly with MS clients. (markt)
       </fix>
       <fix>
+        Fix CVE-2007-5461, an important information disclosure vulnerability in
+        the WebDAV Servlet. (markt)
+      </fix>
+      <fix>
         <bug>42979</bug>: Update sample.war to include recent security fixes
         in the source code. (markt)
       </fix>
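Review bot: The new <fix> entry names the CVE but says nothing about which functionality is affected, whereas the neighbouring entry is anchored to a <bug> id and states its scope; a few words on the affected area (the servlet's handling of XML request bodies) or a pointer to the Tomcat security page would let administrators judge their exposure without first looking up the advisory. The markup itself is consistent with the surrounding <fix> elements.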