CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.

Product Status

Learn more

Information not provided

References 26 Total

Updated: 2024-08-07

This container includes required additional information provided by the CVE Program for this vulnerability.

References 26 Total

vupen.com: ADV-2009-0973
external site
vdb-entryx_transferred
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
external site
x_transferred
secunia.com: 34621
external site
third-party-advisoryx_transferred
lists.opensuse.org: SUSE-SR:2009:018
external site
vendor-advisoryx_transferred
securitytracker.com: 1022001
external site
vdb-entryx_transferred
securityfocus.com: 34412
external site
vdb-entryx_transferred
openwall.com: [oss-security] 20090408 CVE-2008-5519: mod_jk session information leak vulnerability
external site
mailing-listx_transferred
http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h
external site
x_transferred
redhat.com: RHSA-2009:0446
external site
vendor-advisoryx_transferred
mail-archives.apache.org: [www-announce] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
external site
mailing-listx_transferred
http://svn.eu.apache.org/viewvc?view=rev&revision=702540
external site
x_transferred
marc.info: [tomcat-dev] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
external site
mailing-listx_transferred
securityfocus.com: 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
external site
mailing-listx_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=490201
external site
x_transferred
secunia.com: 29283
external site
third-party-advisoryx_transferred
http://tomcat.apache.org/security-jk.html
external site
x_transferred
secunia.com: 35537
external site
third-party-advisoryx_transferred
debian.org: DSA-1810
external site
vendor-advisoryx_transferred
sunsolve.sun.com: 262468
external site
vendor-advisoryx_transferred
http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540
external site
x_transferred
lists.apache.org: [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
external site
mailing-listx_transferred
lists.apache.org: [tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
external site
mailing-listx_transferred
lists.apache.org: [tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
external site
mailing-listx_transferred
lists.apache.org: [tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
external site
mailing-listx_transferred
lists.apache.org: [tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/
external site
mailing-listx_transferred
lists.apache.org: [tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/
external site
mailing-listx_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Red Hat, Inc.

Description

Product Status

References 26 Total

CVE Program

References 26 Total