mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the
Apache HTTP Server to communicate with each other.
An information disclosure flaw was found in mod_jk. In certain situations,
if a faulty client set the βContent-Lengthβ header without providing data,
or if a user sent repeated requests very quickly, one user may view a
response intended for another user. (CVE-2008-5519)
All mod_jk users are advised to upgrade to these updated packages. They
provide mod_jk 1.2.28, which is not vulnerable to this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ppc | mod_jk-ap20 | <Β 1.2.28-1jpp_3rh | mod_jk-ap20-1.2.28-1jpp_3rh.ppc.rpm |
RedHat | any | i386 | mod_jk-manual | <Β 1.2.28-1jpp_3rh | mod_jk-manual-1.2.28-1jpp_3rh.i386.rpm |
RedHat | any | i386 | mod_jk-ap20 | <Β 1.2.28-1jpp_3rh | mod_jk-ap20-1.2.28-1jpp_3rh.i386.rpm |
RedHat | any | x86_64 | mod_jk-manual | <Β 1.2.28-1jpp_3rh | mod_jk-manual-1.2.28-1jpp_3rh.x86_64.rpm |
RedHat | any | ppc | mod_jk-manual | <Β 1.2.28-1jpp_3rh | mod_jk-manual-1.2.28-1jpp_3rh.ppc.rpm |
RedHat | any | ia64 | mod_jk-manual | <Β 1.2.28-1jpp_3rh | mod_jk-manual-1.2.28-1jpp_3rh.ia64.rpm |
RedHat | any | x86_64 | mod_jk-ap20 | <Β 1.2.28-1jpp_3rh | mod_jk-ap20-1.2.28-1jpp_3rh.x86_64.rpm |
RedHat | any | ia64 | mod_jk-ap20 | <Β 1.2.28-1jpp_3rh | mod_jk-ap20-1.2.28-1jpp_3rh.ia64.rpm |