Vulnerability Solutions

WatchMouse's regular vulnerability scans check for the following vulnerability. On the Vulnerability Solutions overview page you can view the most recently added vulnerability solutions that WatchMouse checks for.

Category: Gentoo Local Security Checks
Risk factor: Low
Added on: 1 Jul 2009
Synopsis:

The remote host is missing the GLSA-200906-04 security update.

Description:

The remote host is affected by the vulnerability described in GLSA-200906-04 (Apache Tomcat JK Connector: Information disclosure)


The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the "Content-Length" header while not providing data and (2) clients sending repeated requests very quickly.

Impact

A remote attacker could send specially crafted requests or a large number of requests at a time, possibly resulting in the disclosure of a response intended for another client.

Workaround

There is no known workaround at this time.

See also:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519
http://www.gentoo.org/security/en/glsa/glsa-200906-04.xml

Solution:

All Apache Tomcat JK Connector users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.27"

Risk factor:

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)