Red Hat RHSA-2009:0446
Apr 23, 2009 - 12:00 a.m.

(RHSA-2009:0446) Important: mod_jk security update

2009-04-23 00:00:00
access.redhat.com

CVSS2: 2.6 Low
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N

EPSS: 0.002 Low
Percentile: 57.4%

mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the
Apache HTTP Server to communicate with each other.

An information disclosure flaw was found in mod_jk. In certain situations,
if a faulty client set the "Content-Length" header without providing data,
or if a user sent repeated requests very quickly, one user may view a
response intended for another user. (CVE-2008-5519)

As well, the sample configuration files provided in the documentation have
been updated to reflect recommended practice.

All mod_jk users are advised to upgrade to this updated package. It
provides mod_jk 1.2.28, which is not vulnerable to this issue.

OS      Version  Architecture  Package      Version           Filename
RedHat  5        x86_64        mod_jk-ap20  < 1.2.28-1.el5s2  mod_jk-ap20-1.2.28-1.el5s2.x86_64.rpm
RedHat  5        i386          mod_jk-ap20  < 1.2.28-1.el5s2  mod_jk-ap20-1.2.28-1.el5s2.i386.rpm
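
One way to check a package inventory against the affected range listed above (an added example, not part of the Red Hat advisory): it compares installed mod_jk-ap20 builds with the fixed 1.2.28-1.el5s2 using a simplified form of rpm's segment-wise version comparison. The host names and inventory lines are constructed, and packages are assumed to carry no epoch and no tilde or caret markers.

```python
import re

# Fixed build and package name taken from this advisory's package table.
FIXED = "1.2.28-1.el5s2"
PACKAGE = "mod_jk-ap20"

def _segments(s):
    # Runs of digits or letters; separators such as '.' are ignored,
    # as in rpm's version comparison.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (no tilde/caret handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 9 < 28
        elif x.isdigit() != y.isdigit():
            # A numeric segment is newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the side with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def affected(inventory_lines):
    """Return (host, build) pairs where mod_jk-ap20 is older than FIXED.

    Each line is '<host> <name> <version>-<release>'.
    """
    hits = []
    for line in inventory_lines:
        host, name, evr = line.split()
        if name == PACKAGE and evr_cmp(evr, FIXED) < 0:
            hits.append((host, evr))
    return hits

# Constructed inventory: hypothetical hosts and installed builds.
SAMPLE = [
    "web01 mod_jk-ap20 1.2.26-1.el5s2",
    "web02 mod_jk-ap20 1.2.28-1.el5s2",
    "web03 mod_jk-ap20 1.2.9-3.el5s2",
    "web04 httpd 2.2.3-22.el5",
]
```

The web03 line shows why the comparison is numeric per segment: a plain string comparison would rank 1.2.9 above 1.2.28 and miss that host.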
