tomcat-users mailing list archives

From Jakob Ericsson <jakob.erics...@gmail.com>
Subject Re: [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
Date Fri, 17 Apr 2009 07:14:35 GMT
Hi,

We are also getting this error in mod_proxy_ajp (2.2.11 on Windows).

Anyone know if this is the same fix?
https://issues.apache.org/bugzilla/show_bug.cgi?id=46949

Seems to be fixed.

/Jakob


On Tue, Apr 7, 2009 at 10:42 PM, Mark Thomas <markt@apache.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Vulnerability announcement:
> CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
>
> Severity: important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> mod_jk 1.2.0 to 1.2.26
>
> Description:
> Situations where faulty clients set Content-Length without providing
> data, or where a user submits repeated requests very quickly may permit
> one user to view the response associated with a different user's request.
>
> Mitigation:
> Upgrade to mod_jk 1.2.27 or later
>
> Example:
> See description
>
> Credit:
> This issue was discovered by the Red Hat Security Response Team
>
> References:
> http://tomcat.apache.org/security.html
> http://tomcat.apache.org/security-jk.html
>
> The Apache Tomcat Security Team
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJ27rAb7IeiTPGAkMRAlsDAJ9qqKPiFnh+rxaxzMZmKIFA5Q5r5QCg2N84
> OzL54gpA6e272kokWjK4wZU=
> =GKVO
> -----END PGP SIGNATURE-----
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>



-- 
Jakob Ericsson, JAKERI AB
Tel. +46 704 533 627
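
Added example, not part of the original thread or of the Apache Tomcat project's code: a small inventory check that flags hosts whose banner reports a mod_jk version inside the range the quoted advisory lists (1.2.0 to 1.2.26). It assumes the version is visible as a `mod_jk/x.y.z` token in the Server header; the host names and banners are constructed.

```python
import re

# Affected range and fix as stated in the advisory: mod_jk 1.2.0 to 1.2.26,
# upgrade to 1.2.27 or later.
FIRST_AFFECTED = (1, 2, 0)
LAST_AFFECTED = (1, 2, 26)

# Assumption: the connector version is visible as a "mod_jk/x.y.z" product
# token, as httpd reports it in the Server header with full server tokens.
_TOKEN = re.compile(r"\bmod_jk/(\d+)\.(\d+)\.(\d+)(\S*)")


def classify(banner):
    """Return 'affected', 'fixed', 'review' or 'unknown' for one banner."""
    match = _TOKEN.search(banner)
    if match is None:
        # No mod_jk token (hidden banner, or another connector such as
        # mod_proxy_ajp, for which the advisory states no range).
        return "unknown"
    # Compare as integer tuples: as strings, "1.2.9" would sort after "1.2.26".
    version = tuple(int(part) for part in match.group(1, 2, 3))
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "affected"
    if version > LAST_AFFECTED and not match.group(4):
        return "fixed"
    # Older than 1.2.0, or a suffixed build (for example "-dev") that cannot
    # be matched to a release: leave for manual review.
    return "review"


def hosts_to_upgrade(inventory):
    """Return the sorted host names whose banner is in the affected range."""
    return sorted(h for h, b in inventory.items() if classify(b) == "affected")


# Constructed sample inventory: host names and banners are made up.
SAMPLE = {
    "web01.example.internal": "Apache/2.2.11 (Win32) mod_jk/1.2.26",
    "web02.example.internal": "Apache/2.2.3 (Unix) mod_jk/1.2.9",
    "web03.example.internal": "Apache/2.2.11 (Unix) mod_jk/1.2.27",
    "web04.example.internal": "Apache/2.2.11 (Win32)",
    "web05.example.internal": "Apache/2.2.11 (Unix) mod_jk/1.2.27-dev",
}

if __name__ == "__main__":
    for host in hosts_to_upgrade(SAMPLE):
        print(host, "needs mod_jk 1.2.27 or later")
```

A result of `unknown` only means the banner carries no mod_jk token, so those hosts still need their installed module version checked directly.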
