2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
57.4%
mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the
Apache HTTP Server to communicate with each other.
An information disclosure flaw was found in mod_jk. In certain situations,
if a faulty client set the βContent-Lengthβ header without providing data,
or if a user sent repeated requests very quickly, one user may view a
response intended for another user. (CVE-2008-5519)
Note: Red Hat Network Satellite Server is the only client that has access
to mod_jk on the system, and as such, the exposure and risk of this issue
is low.
Users of Red Hat Network Satellite Server 5.1 and 5.2 are advised to
upgrade to this updated mod_jk package, which contains a backported patch
to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | x86_64 | mod_jk-ap20 | <Β 1.2.25-10 | mod_jk-ap20-1.2.25-10.x86_64.rpm |
RedHat | any | i386 | mod_jk-ap20 | <Β 1.2.25-10 | mod_jk-ap20-1.2.25-10.i386.rpm |
RedHat | any | s390 | mod_jk-ap20 | <Β 1.2.25-10 | mod_jk-ap20-1.2.25-10.s390.rpm |
RedHat | any | s390x | mod_jk-ap20 | <Β 1.2.25-10 | mod_jk-ap20-1.2.25-10.s390x.rpm |