Lucene search
RootSSV:5023HistoryApr 10, 2009 - 12:00 a.m.
Apache Tomcat mod_jk Content-Length头信息泄露漏洞
2009-04-1000:00:00
Root
www.seebug.org
81
0.002 Low
EPSS
Percentile
57.5%
BUGTRAQ ID: 34412
CVE(CAN) ID: CVE-2008-5519
Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。
如果恶意客户端向Apache Tomcat服务器的mod_jk模块提交了Content-Length头为空的恶意请求,或在短时间内反复提交相同的请求的话,就可以查看其他用户请求相关的响应。
Apache Group mod_jk 1.2.0 - 1.2.26
Apache Group
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://httpd.apache.org/” target=“_blank”>http://httpd.apache.org/</a>
Related
nessus
nessus
openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-6599)
2009-11-05 00:00:00
Solaris 9 (sparc) : 114016-08
2004-07-12 00:00:00
openSUSE Security Update : apache2-mod_jk (apache2-mod_jk-1479)
2009-11-05 00:00:00
redhat
redhat
(RHSA-2009:0446) Important: mod_jk security update
2009-04-23 00:00:00
(RHSA-2009:1618) Low: mod_jk security update for Red Hat Network Satellite Server
2009-11-30 00:00:00
(RHSA-2009:1087) Important: mod_jk security update
2009-06-09 00:00:00
openvas
openvas
Apache Tomcat JK Connector (mod_jk) 1.2.0 - 1.2.26 Information Disclosure Vulnerability
2009-04-17 00:00:00
Solaris Update for tomcat security 114016-04
2009-10-13 00:00:00
RedHat Security Advisory RHSA-2009:0446
2009-04-28 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat JK Connector 1.2.27
2008-12-12 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:31:35
prion
prion
Design/Logic Flaw
2009-04-09 15:08:00
debiancve
debiancve
CVE-2008-5519
2009-04-09 15:08:00
ubuntucve
ubuntucve
CVE-2008-5519
2009-04-09 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
2009-04-08 00:00:00
Apache mod_jk information leak
2009-04-08 00:00:00
gentoo
gentoo
Apache Tomcat JK Connector: Information disclosure
2009-06-29 00:00:00
debian
debian
cve
cve
CVE-2008-5519
2009-04-09 15:08:00
ibm
ibm