(RHSA-2009:0446) Important: mod_jk security update

2009-04-23T04:00:00
ID RHSA-2009:0446
Type redhat
Reporter RedHat
Modified 2019-03-22T23:44:57

Description

mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to communicate with each other.

An information disclosure flaw was found in mod_jk. In certain situations, if a faulty client set the "Content-Length" header without providing data, or if a user sent repeated requests very quickly, one user could view a response intended for another user. (CVE-2008-5519)

In addition, the sample configuration files provided in the documentation have been updated to reflect recommended practice.

All mod_jk users are advised to upgrade to this updated package. It provides mod_jk 1.2.28, which is not vulnerable to this issue.