
Test ID: 1.3.6.1.4.1.25623.1.0.800277
Category: Web Servers
Title: Apache Tomcat JK Connector (mod_jk) 1.2.0 - 1.2.26 Information Disclosure Vulnerability
Summary: Apache Tomcat JK Connector (mod_jk) is prone to an information disclosure vulnerability.
Description:
Summary:
Apache Tomcat JK Connector (mod_jk) is prone to an information
disclosure vulnerability.

Vulnerability Insight:
This flaw is due to:

- an error when handling empty POST requests with a non-zero 'Content-Length' header.

- an error while handling multiple noncompliant AJP protocol related requests.

Vulnerability Impact:
This issue can be exploited to disclose response data associated
with the request of a different user via specially crafted HTTP requests and to gain sensitive
information about the remote host.

Affected Software/OS:
Apache Tomcat JK Connector (mod_jk) version 1.2.0 through 1.2.26.

Solution:
Update to version 1.2.27 or later.

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-5519
1022001
http://securitytracker.com/id?1022001
20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
http://www.securityfocus.com/archive/1/502530/100/0/threaded
262468
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1
29283
http://secunia.com/advisories/29283
34412
http://www.securityfocus.com/bid/34412
34621
http://secunia.com/advisories/34621
35537
http://secunia.com/advisories/35537
ADV-2009-0973
http://www.vupen.com/english/advisories/2009/0973
DSA-1810
http://www.debian.org/security/2009/dsa-1810
RHSA-2009:0446
http://www.redhat.com/support/errata/RHSA-2009-0446.html
SUSE-SR:2009:018
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
[oss-security] 20090408 CVE-2008-5519: mod_jk session information leak vulnerability
http://www.openwall.com/lists/oss-security/2009/04/08/10
[tomcat-dev] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
http://marc.info/?l=tomcat-dev&m=123913700700879
[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
[www-announce] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
http://mail-archives.apache.org/mod_mbox/www-announce/200904.mbox/%3C49DBBAC0.2080400%40apache.org%3E
http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h
http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540
http://svn.eu.apache.org/viewvc?view=rev&revision=702540
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
http://tomcat.apache.org/security-jk.html
https://bugzilla.redhat.com/show_bug.cgi?id=490201
Copyright: Copyright (C) 2009 Greenbone Networks GmbH





© 1998-2025 E-Soft Inc. All rights reserved.