Vulnerability Solutions
| The Nimsoft Cloud Monitor Periodic Vulnerability Scan checks for the vulnerability below. |
| Category: Gentoo Local Security Checks | Risk factor: Low | Added: 1 Jul 2009 |
| Synopsis: The remote host is missing the GLSA-200906-04 security update. |
| Description: The remote host is affected by the vulnerability described in GLSA-200906-04 (Apache Tomcat JK Connector: Information disclosure). The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the "Content-Length" header while not providing data and (2) clients sending repeated requests very quickly. |
| Impact: A remote attacker could send specially crafted requests or a large number of requests at a time, possibly resulting in the disclosure of a response intended for another client. |
| Workaround: There is no known workaround at this time. |
| See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519 and http://www.gentoo.org/security/en/glsa/glsa-200906-04.xml |
| Solution: All Apache Tomcat JK Connector users should upgrade to the latest version: |
| # emerge --sync |
| # emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.27" |
| Risk factor: Low / CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N) |



