|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 1312-1 (libapache-mod-jk)|
|Summary:||Debian Security Advisory DSA 1312-1 (libapache-mod-jk)|
The remote host is missing an update to libapache-mod-jk
announced via advisory DSA 1312-1.
It was discovered that the Apache 1.3 connector for the Tomcat Java
servlet engine decoded request URLs multiple times, which can lead
to information disclosure.
For the oldstable distribution (sarge) this problem has been fixed in
version 1.2.5-2sarge1. An updated package for powerpc is not yet
available due to problems with the build host. It will be provided
For the stable distribution (etch) this problem has been fixed in
For the unstable distribution (sid) this problem has been fixed in
We recommend that you upgrade your libapache-mod-jk package.
Common Vulnerability Exposure (CVE) ID: CVE-2007-1860|
Debian Security Information: DSA-1312 (Google Search)
HPdes Security Advisory: HPSBUX02262
HPdes Security Advisory: SSRT071447
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
BugTraq ID: 24147
BugTraq ID: 25159
XForce ISS Database: tomcat-jkconnector-security-bypass(34496)
|Copyright||Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com|
|This is only one of 58880 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.