CVE-2008-5519

Source
https://nvd.nist.gov/vuln/detail/CVE-2008-5519
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2008-5519.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2008-5519
Related
Published
2009-04-09T15:08:35Z
Modified
2024-09-11T02:00:05Z
Summary
[none]
Details

The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.

References

Affected packages

Debian:11 / libapache-mod-jk

Package

Name
libapache-mod-jk
Purl
pkg:deb/debian/libapache-mod-jk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.2.26-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libapache-mod-jk

Package

Name
libapache-mod-jk
Purl
pkg:deb/debian/libapache-mod-jk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.2.26-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libapache-mod-jk

Package

Name
libapache-mod-jk
Purl
pkg:deb/debian/libapache-mod-jk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.2.26-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}