Apache News Online: 07 April 2009 - CVE-2008-5519: Apache Tomcat mod

« 03 April 2009 - Apavhe PyLucene 2.4.1-1 released | Main

April 08, 2009

07 April 2009 - CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

Severity: important

Vendor: The Apache Software Foundation

Versions Affected:
mod_jk 1.2.0 to 1.2.26

Description:
Situations where faulty clients set Content-Length without providing
data, or where a user submits repeated requests very quickly may permit
one user to view the response associated with a different user's request.

Mitigation:
Upgrade to mod_jk 1.2.27 or later

Example:
See description

Credit:
This issue was discovered by the Red Hat Security Response Team

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-jk.html

The Apache Tomcat Security Team

---- Posted by Tetsuya Kitahata at April 8, 2009 01:39 AM
http://www.apachenews.org/archives/001300.html
[ Category : Apache Tomcat ] (PDF)(XML)