April 08, 2009

07 April 2009 - CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

Severity: important

Vendor: The Apache Software Foundation

Versions Affected:
mod_jk 1.2.0 to 1.2.26

Description:
Situations where faulty clients set Content-Length without providing
data, or where a user submits repeated requests very quickly may permit
one user to view the response associated with a different user's request.

Mitigation:
Upgrade to mod_jk 1.2.27 or later

Example:
See description

Credit:
This issue was discovered by the Red Hat Security Response Team

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-jk.html

The Apache Tomcat Security Team
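
The following is an added example, not part of the advisory or of the Tomcat project's code: a triage check that compares mod_jk version tokens against the affected range stated above (1.2.0 to 1.2.26). It assumes the version is visible as a `mod_jk/x.y.z` token in the httpd Server banner, as it is with full server tokens enabled; the host names and banners are constructed samples.

```python
import re

# Affected range from the advisory: mod_jk 1.2.0 to 1.2.26 (fixed in 1.2.27).
FIRST_AFFECTED = (1, 2, 0)
LAST_AFFECTED = (1, 2, 26)

# Matches the module token in an httpd banner, e.g. "mod_jk/1.2.26".
# Trailing tags such as "-dev" or "-beta" are captured but not compared.
_TOKEN = re.compile(r"\bmod_jk/(\d+)\.(\d+)\.(\d+)([-\w.]*)", re.IGNORECASE)


def classify_banner(banner):
    """Return (status, version) for one Server banner string.

    status is "affected", "not-affected" or "unknown" (no mod_jk token).
    """
    m = _TOKEN.search(banner or "")
    if m is None:
        return ("unknown", None)
    version = tuple(int(p) for p in m.group(1, 2, 3))
    text = ".".join(map(str, version)) + m.group(4)
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return ("affected", text)
    return ("not-affected", text)


def triage(inventory):
    """Group hosts by status. `inventory` maps host name -> banner string."""
    report = {"affected": [], "not-affected": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        status, version = classify_banner(banner)
        report[status].append((host, version))
    return report


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "web01.example.test": "Apache/2.2.3 (Unix) mod_jk/1.2.26",
    "web02.example.test": "Apache/2.2.11 (Unix) mod_ssl/2.2.11 mod_jk/1.2.27",
    "web03.example.test": "Apache",
    "web04.example.test": "Apache/2.0.63 (Unix) mod_jk/1.2.9-beta",
    "web05.example.test": "Apache/2.2.9 (Unix) mod_jk/1.2.28-dev",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        for host, version in hosts:
            print(f"{status:13} {host} {version or '-'}")
```

A banner match is only a triage signal: distribution packages may carry a backported fix under an older version string, and hosts that suppress module tokens land in "unknown" and need a check of the installed module itself.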

----

Project Info -- Apache Tomcat Connectors

DOAP File

Apache Tomcat Connector (mod_jk)

Releases can be downloaded from http://tomcat.apache.org/download-connectors.cgi

Project Website: http://tomcat.apache.org/connectors-doc/
Programming Languages: Java
Categories: httpd-module
Mailing Lists: http://tomcat.apache.org/lists.html
Bug/Issue Tracker: http://issues.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%206
Project Management Committee: Apache Tomcat

Access to the source code:

Browse: http://svn.apache.org/viewvc/tomcat/connectors/trunk/
SVN Direct: http://svn.apache.org/repos/asf/tomcat/connectors/trunk/