
Test ID: 1.3.6.1.4.1.25623.1.0.800277
Category: Web Servers
Title: Apache Tomcat JK Connector (mod_jk) 1.2.0 - 1.2.26 Information Disclosure Vulnerability
Summary: Apache Tomcat JK Connector (mod_jk) is prone to an information disclosure vulnerability.
Description: Summary:
Apache Tomcat JK Connector (mod_jk) is prone to an information
disclosure vulnerability.

Vulnerability Insight:
This flaw is due to:

- an error when handling empty POST requests with a non-zero 'Content-Length' header.

- an error while handling multiple noncompliant AJP protocol related requests.

Vulnerability Impact:
This issue can be exploited to disclose response data associated
with the request of a different user via specially crafted HTTP requests and to gain sensitive
information about the remote host.

Affected Software/OS:
Apache Tomcat JK Connector (mod_jk) version 1.2.0 through 1.2.26.

Solution:
Update to version 1.2.27 or later.

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-5519
1022001
http://securitytracker.com/id?1022001
20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
http://www.securityfocus.com/archive/1/502530/100/0/threaded
262468
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1
29283
http://secunia.com/advisories/29283
34412
http://www.securityfocus.com/bid/34412
34621
http://secunia.com/advisories/34621
35537
http://secunia.com/advisories/35537
ADV-2009-0973
http://www.vupen.com/english/advisories/2009/0973
DSA-1810
http://www.debian.org/security/2009/dsa-1810
RHSA-2009:0446
http://www.redhat.com/support/errata/RHSA-2009-0446.html
SUSE-SR:2009:018
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
[oss-security] 20090408 CVE-2008-5519: mod_jk session information leak vulnerability
http://www.openwall.com/lists/oss-security/2009/04/08/10
[tomcat-dev] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
http://marc.info/?l=tomcat-dev&m=123913700700879
[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
[www-announce] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
http://mail-archives.apache.org/mod_mbox/www-announce/200904.mbox/%3C49DBBAC0.2080400%40apache.org%3E
http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h
http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540
http://svn.eu.apache.org/viewvc?view=rev&revision=702540
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
http://tomcat.apache.org/security-jk.html
https://bugzilla.redhat.com/show_bug.cgi?id=490201
Copyright: Copyright (C) 2009 Greenbone Networks GmbH
