Summary
This host is running Apache Tomcat with the mod_jk module and is prone to an information disclosure vulnerability.
Impact
This issue can be exploited to disclose response data associated with the request of a different user via specially crafted HTTP requests and to gain sensitive information about the remote host.
Impact Level: Application
Solution
Upgrade to mod_jk 1.2.27 or later.
http://svn.eu.apache.org/viewvc?view=rev&revision=702540
Insight
This flaw is due to:
- an error when handling empty POST requests with a non-zero 'Content-Length' header.
- an error while handling multiple noncompliant AJP protocol-related requests.
Affected
Apache Tomcat mod_jk version 1.2.0 to 1.2.26
References
Severity
Classification
CVE: CVE-2008-5519
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N