ID de Prueba:	1.3.6.1.4.1.25623.1.0.63870
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:0446
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:0446.;;mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the;Apache HTTP Server to communicate with each other.;;An information disclosure flaw was found in mod_jk. In certain situations,;if a faulty client set the Content-Length header without providing data,;or if a user sent repeated requests very quickly, one user may view a;response intended for another user. (CVE-2008-5519);;As well, the sample configuration files provided in the documentation have;been updated to reflect recommended practice.;;All mod_jk users are advised to upgrade to this updated package. It;provides mod_jk 1.2.28, which is not vulnerable to this issue.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0446. mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to communicate with each other. An information disclosure flaw was found in mod_jk. In certain situations, if a faulty client set the Content-Length header without providing data, or if a user sent repeated requests very quickly, one user may view a response intended for another user. (CVE-2008-5519) As well, the sample configuration files provided in the documentation have been updated to reflect recommended practice. All mod_jk users are advised to upgrade to this updated package. It provides mod_jk 1.2.28, which is not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5519 1022001 http://securitytracker.com/id?1022001 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability http://www.securityfocus.com/archive/1/502530/100/0/threaded 262468 http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1 29283 http://secunia.com/advisories/29283 34412 http://www.securityfocus.com/bid/34412 34621 http://secunia.com/advisories/34621 35537 http://secunia.com/advisories/35537 ADV-2009-0973 http://www.vupen.com/english/advisories/2009/0973 DSA-1810 http://www.debian.org/security/2009/dsa-1810 RHSA-2009:0446 http://www.redhat.com/support/errata/RHSA-2009-0446.html SUSE-SR:2009:018 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html [oss-security] 20090408 CVE-2008-5519: mod_jk session information leak vulnerability http://www.openwall.com/lists/oss-security/2009/04/08/10 [tomcat-dev] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability http://marc.info/?l=tomcat-dev&m=123913700700879 [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E [www-announce] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability http://mail-archives.apache.org/mod_mbox/www-announce/200904.mbox/%3C49DBBAC0.2080400%40apache.org%3E http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540 http://svn.eu.apache.org/viewvc?view=rev&revision=702540 http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html http://tomcat.apache.org/security-jk.html https://bugzilla.redhat.com/show_bug.cgi?id=490201
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.