CVE-2008-5519

Apache Tomcat JK Connector 1.2.0-1.2.26 - Info Disclosure

Title source: llm
STIX 2.1

Description

The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.

References (26)

Core 26
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0973
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0446.html
Vendor Advisory x_refsource_confirm
http://svn.eu.apache.org/viewvc?view=rev&revision=702540
Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=490201
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-jk.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34621
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1022001
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34412
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/04/08/10
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=tomcat-dev&m=123913700700879
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/502530/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29283
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35537
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1810
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1

Scores

EPSS 0.0726
EPSS Percentile 93.6%

Details

CWE
CWE-200
Status published
Products (48)
apache/mod_jk 1.2
apache/mod_jk 1.2.1
apache/mod_jk 1.2.6
apache/mod_jk 1.2.7
apache/mod_jk 1.2.8
apache/mod_jk 1.2.9
apache/mod_jk 1.2.10
apache/mod_jk 1.2.11
apache/mod_jk 1.2.12
apache/mod_jk 1.2.13
... and 38 more
Published Apr 09, 2009
Tracked Since Feb 18, 2026