HomePentest-Tools.com Logo

Apache Tomcat JK Connector (mod_jk) 1.2.0 - 1.2.26 Information Disclosure Vulnerability CVE-2008-5519

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Apache Tomcat JK Connector (mod_jk) is prone to an information disclosure vulnerability.

Risk description

This flaw is due to: - an error when handling empty POST requests with a non-zero Content-Length header. - an error while handling multiple noncompliant AJP protocol related requests. This issue can be exploited to disclose response data associated with the request of a different user via specially crafted HTTP requests and to gain sensitive information about the remote host.

Recommendation

Update to version 1.2.27 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 9, 2009
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available