2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
57.4%
mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the
Apache HTTP Server to communicate with each other.
An information disclosure flaw was found in mod_jk. In certain situations,
if a faulty client set the “Content-Length” header without providing data,
or if a user sent repeated requests very quickly, one user may view a
response intended for another user. (CVE-2008-5519)
All mod_jk users are advised to upgrade to these updated packages. They
provide mod_jk 1.2.28, which is not vulnerable to this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ppc | mod_jk-ap20 | < 1.2.28-1jpp_3rh | mod_jk-ap20-1.2.28-1jpp_3rh.ppc.rpm |
RedHat | any | i386 | mod_jk-manual | < 1.2.28-1jpp_3rh | mod_jk-manual-1.2.28-1jpp_3rh.i386.rpm |
RedHat | any | i386 | mod_jk-ap20 | < 1.2.28-1jpp_3rh | mod_jk-ap20-1.2.28-1jpp_3rh.i386.rpm |
RedHat | any | x86_64 | mod_jk-manual | < 1.2.28-1jpp_3rh | mod_jk-manual-1.2.28-1jpp_3rh.x86_64.rpm |
RedHat | any | ppc | mod_jk-manual | < 1.2.28-1jpp_3rh | mod_jk-manual-1.2.28-1jpp_3rh.ppc.rpm |
RedHat | any | ia64 | mod_jk-manual | < 1.2.28-1jpp_3rh | mod_jk-manual-1.2.28-1jpp_3rh.ia64.rpm |
RedHat | any | x86_64 | mod_jk-ap20 | < 1.2.28-1jpp_3rh | mod_jk-ap20-1.2.28-1jpp_3rh.x86_64.rpm |
RedHat | any | ia64 | mod_jk-ap20 | < 1.2.28-1jpp_3rh | mod_jk-ap20-1.2.28-1jpp_3rh.ia64.rpm |