CVE-2008-5519
Published: 9 April 2009
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
Priority
Status
Package | Release | Status |
---|---|---|
libapache-mod-jk | dapper | Ignored (end of life) |
libapache-mod-jk | hardy | Ignored (end of life) |
libapache-mod-jk | intrepid | Released (1:1.2.26-2+lenny1build0.8.10.1) |
libapache-mod-jk | jaunty | Released (1:1.2.26-2+lenny1build0.9.04.1) |
libapache-mod-jk | karmic | Not vulnerable (1:1.2.26-2.1) |
libapache-mod-jk | lucid | Not vulnerable (1:1.2.26-2.1) |
libapache-mod-jk | maverick | Not vulnerable (1:1.2.26-2.1) |
libapache-mod-jk | natty | Not vulnerable (1:1.2.26-2.1) |
libapache-mod-jk | oneiric | Not vulnerable (1:1.2.26-2.1) |
libapache-mod-jk | upstream | Released (1:1.2.26-2.1) |