CVE-2008-5519

Impact:
Important
Public Date:
2008-10-28
Bugzilla:
490201: CVE-2008-5519 mod_jk: session information leak

The MITRE CVE dictionary describes this issue as:

The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.

Find out more about CVE-2008-5519 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Application Server v2 4AS (mod_jk) RHSA-2009:1087 2009-06-09
Red Hat Satellite 5.1 (RHEL v.4 AS) (mod_jk) RHSA-2009:1618 2009-11-30
Red Hat Satellite 5.2 (RHEL v.4 AS) (mod_jk) RHSA-2009:1618 2009-11-30
Red Hat Application Stack v2 for Enterprise Linux (v.5) (mod_jk) RHSA-2009:0446 2009-04-23

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.