mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to communicate with each other.
An information disclosure flaw was found in mod_jk. In certain situations, if a faulty client set the "Content-Length" header without providing data, or if a user sent repeated requests very quickly, one user may view a response intended for another user. (CVE-2008-5519)
As well, the sample configuration files provided in the documentation have been updated to reflect recommended practice.
All mod_jk users are advised to upgrade to this updated package. It provides mod_jk 1.2.28, which is not vulnerable to this issue.