Summary: | The remote host is missing updates announced in advisory RHSA-2009:0446. mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to communicate with each other. An information disclosure flaw was found in mod_jk. In certain situations, if a faulty client set the Content-Length header without providing data, or if a user sent repeated requests very quickly, one user may view a response intended for another user. (CVE-2008-5519) As well, the sample configuration files provided in the documentation have been updated to reflect recommended practice. All mod_jk users are advised to upgrade to this updated package. It provides mod_jk 1.2.28, which is not vulnerable to this issue. |
Description: | Summary: The remote host is missing updates announced in advisory RHSA-2009:0446.
mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to communicate with each other.
An information disclosure flaw was found in mod_jk. In certain situations, if a faulty client set the Content-Length header without providing data, or if a user sent repeated requests very quickly, one user may view a response intended for another user. (CVE-2008-5519)
As well, the sample configuration files provided in the documentation have been updated to reflect recommended practice.
All mod_jk users are advised to upgrade to this updated package. It provides mod_jk 1.2.28, which is not vulnerable to this issue.
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
CVSS Score: 2.6
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
|