The remote host is missing updates announced in advisory RHSA-2009:0446. mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to communicate with each other. An information disclosure flaw was found in mod_jk. In certain situations, if a faulty client set the Content-Length header without providing data, or if a user sent repeated requests very quickly, one user may view a response intended for another user. (CVE-2008-5519) As well, the sample configuration files provided in the documentation have been updated to reflect recommended practice. All mod_jk users are advised to upgrade to this updated package. It provides mod_jk 1.2.28, which is not vulnerable to this issue.

Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

• http://rhn.redhat.com/errata/RHSA-2009-0446.html

---

Updated on 2017-03-28