Description
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
Remediation
References