Apache Tomcat Mod_jk Information Disclosure Vulnerability Network Vulnerability

Summary

This host is running Apache Tomcat with mod_jk Module and is prone to Information Disclosure vulnerability.

Impact

This issue can be exploited to disclose response data associated with the request of a different user via specially crafted HTTP requests and to gain sensitive information about the remote host. Impact Level: Application

Solution

Upgrade to mod_jk 1.2.27 or later. http://svn.eu.apache.org/viewvc?view=rev&revision=702540

Insight

This flaw is due to - an error when handling empty POST requests with a non-zero 'Content-Length' header. - an error while handling multiple noncompliant AJP protocol related requests.

Affected

Apache Tomcat mod_jk version 1.2.0 to 1.2.26

References

http://marc.info/?l=tomcat-dev&m=123913700700879
http://secunia.com/advisories/34621
http://securitytracker.com/alerts/2009/Apr/1022001.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5519
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

RemotelyAnywhere Cross Site Scripting
Mantis 'manage_proj_cat_add.php' HTML Injection Vulnerability
ownCloud Multiple Cross Site Scripting Vulnerabilities -02 May14
Bitweaver 'edit.php' HTML Injection Vulnerability
OTRS installer.pl Password Disclosure Vulnerability

Apache Tomcat mod_jk Information Disclosure Vulnerability

Take action and discover your vulnerabilities