Bug#523054: libapache2-mod-jk: [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk
Damien Raude-Morvan
drazzib at drazzib.com
Wed Apr 8 07:19:00 UTC 2009
Package: libapache2-mod-jk
Version: 1:1.2.26-2
Severity: grave
Tags: security
Justification: user security hole
The Apache Tomcat Security Team has released the following advisory:
Vulnerability announcement:
CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
mod_jk 1.2.0 to 1.2.26
Description:
Situations where faulty clients set Content-Length without providing
data, or where a user submits repeated requests very quickly may permit
one user to view the response associated with a different user's request.
Mitigation:
Upgrade to mod_jk 1.2.27 or later
Example:
See description
Credit:
This issue was discovered by the Red Hat Security Response Team
References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-jk.html
--
Damien Raude-Morvan
More information about the pkg-java-maintainers
mailing list