CVE-2008-5519
Published: 9 April 2009
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libapache-mod-jk Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Released
(1:1.2.26-2+lenny1build0.8.10.1)
|
|
| jaunty |
Released
(1:1.2.26-2+lenny1build0.9.04.1)
|
|
| karmic |
Not vulnerable
(1:1.2.26-2.1)
|
|
| lucid |
Not vulnerable
(1:1.2.26-2.1)
|
|
| maverick |
Not vulnerable
(1:1.2.26-2.1)
|
|
| natty |
Not vulnerable
(1:1.2.26-2.1)
|
|
| oneiric |
Not vulnerable
(1:1.2.26-2.1)
|
|
| upstream |
Released
(1:1.2.26-2.1)
|