TUCoPS :: Web :: Apache :: va3095.htm

Apache Tomcat mod_jk information disclosure vulnerability
CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vulnerability announcement:
CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

Severity: important

Vendor: The Apache Software Foundation

Versions Affected:
mod_jk 1.2.0 to 1.2.26

Description:
Situations where faulty clients set Content-Length without providing
data, or where a user submits repeated requests very quickly may permit
one user to view the response associated with a different user's request.

Mitigation:
Upgrade to mod_jk 1.2.27 or later

Example:
See description

Credit:
This issue was discovered by the Red Hat Security Response Team

References:
http://tomcat.apache.org/security.html 
http://tomcat.apache.org/security-jk.html 

The Apache Tomcat Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org 

iD8DBQFJ27rAb7IeiTPGAkMRAlsDAJ9qqKPiFnh+rxaxzMZmKIFA5Q5r5QCg2N84
OzL54gpA6e272kokWjK4wZU=GKVO
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH