[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
- To: Tomcat Users List <users@xxxxxxxxxxxxxxxxx>, Tomcat Developers List <dev@xxxxxxxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, announce@xxxxxxxxxx
- Subject: [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
- From: Mark Thomas <markt@xxxxxxxxxx>
- Date: Tue, 07 Apr 2009 21:42:40 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Vulnerability announcement:
CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
mod_jk 1.2.0 to 1.2.26
Description:
Situations where faulty clients set Content-Length without providing
data, or where a user submits repeated requests very quickly may permit
one user to view the response associated with a different user's request.
Mitigation:
Upgrade to mod_jk 1.2.27 or later
Example:
See description
Credit:
This issue was discovered by the Red Hat Security Response Team
References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-jk.html
The Apache Tomcat Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJ27rAb7IeiTPGAkMRAlsDAJ9qqKPiFnh+rxaxzMZmKIFA5Q5r5QCg2N84
OzL54gpA6e272kokWjK4wZU=
=GKVO
-----END PGP SIGNATURE-----