RedHat Security Advisory RHSA-2009:1087 Network Vulnerability

Summary

The remote host is missing updates announced in advisory RHSA-2009:1087. mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to communicate with each other. An information disclosure flaw was found in mod_jk. In certain situations, if a faulty client set the Content-Length header without providing data, or if a user sent repeated requests very quickly, one user may view a response intended for another user. (CVE-2008-5519) All mod_jk users are advised to upgrade to these updated packages. They provide mod_jk 1.2.28, which is not vulnerable to this issue.

Solution

Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

References

http://rhn.redhat.com/errata/RHSA-2009-1087.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-5519
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

RedHat Update for systemtap RHSA-2011:0842-01
RedHat Update for sssd RHSA-2011:0560-01
RedHat Update for qt RHSA-2013:0669-01
RedHat Security Advisory RHSA-2009:0446
RedHat Security Advisory RHSA-2009:1087

Take action and discover your vulnerabilities