2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
57.4%
mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the
Apache HTTP Server to communicate with each other.
An information disclosure flaw was found in mod_jk. In certain situations,
if a faulty client set the βContent-Lengthβ header without providing data,
or if a user sent repeated requests very quickly, one user may view a
response intended for another user. (CVE-2008-5519)
As well, the sample configuration files provided in the documentation have
been updated to reflect recommended practice.
All mod_jk users are advised to upgrade to this updated package. It
provides mod_jk 1.2.28, which is not vulnerable to this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | x86_64 | mod_jk-ap20 | <Β 1.2.28-1.el5s2 | mod_jk-ap20-1.2.28-1.el5s2.x86_64.rpm |
RedHat | 5 | i386 | mod_jk-ap20 | <Β 1.2.28-1.el5s2 | mod_jk-ap20-1.2.28-1.el5s2.i386.rpm |