Vulnerability Solutions

The WatchMouse Periodic Vulnerability Scan checks for the vulnerability described below. To see the most recently added vulnerability solutions scanned by WatchMouse, go to the Vulnerability Solutions overview.

Category: Gentoo Local Security Checks
Risk factor: Low
Added: 1 Jul 2009
Synopsis:

The remote host is missing the GLSA-200906-04 security update.

Description:

The remote host is affected by the vulnerability described in GLSA-200906-04 (Apache Tomcat JK Connector: Information disclosure). The affected component is mod_jk, the connector module loaded into the Apache web server in front of Tomcat, not Tomcat itself.

The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests that set a "Content-Length" header but carry no request body and (2) clients sending repeated requests in rapid succession. In either case mod_jk can lose track of which response belongs to which request.

Impact

A remote attacker could send specially crafted requests (for example a request with a "Content-Length" header but no body) or a large number of requests in quick succession, and could receive a response that was generated for a different client's request, possibly exposing that client's data.

Workaround

There is no known workaround at this time.

See also:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519
http://www.gentoo.org/security/en/glsa/glsa-200906-04.xml

Solution:

All Apache Tomcat JK Connector users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.27"

The --oneshot flag upgrades the package without recording it in the world file. Apache only loads the new mod_jk.so when it is restarted, so restart the web server after the upgrade for the fix to take effect.
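The "Gentoo Local Security Check" behind this advisory reduces to a package-version comparison: any installed www-apache/mod_jk below 1.2.27 is reported. The script below is an added example, not WatchMouse's scanner code or anything from the GLSA. It assumes Portage's installed-package database layout (/var/db/pkg/<category>/<name>-<version>/) and treats the 1.2.27 threshold from the Solution section as the only criterion, so a Gentoo revision of an older version (e.g. 1.2.26-r1) is still reported as vulnerable. It is plain POSIX sh and does not depend on GNU sort -V.

```shell
#!/bin/sh
# Added example (not WatchMouse's or Gentoo's code): report www-apache/mod_jk
# versions below 1.2.27, the fixed version named in GLSA-200906-04.

FIXED_MOD_JK_VERSION="1.2.27"

# version_lt A B: succeed (exit 0) when dotted version A sorts before B.
# Components are compared as integers, missing components count as 0, and a
# Gentoo revision or suffix such as "1.2.26-r1" or "1.2.26_p1" is stripped
# first, so a revision of a vulnerable version is still reported as vulnerable.
version_lt() {
    a=${1%%[-_]*}
    b=${2%%[-_]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        # drop the leading component (and its dot) from each string
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}
        y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "less than"
}

# mod_jk_vulnerable VERSION: succeed when VERSION is below the fixed version.
mod_jk_vulnerable() {
    version_lt "$1" "$FIXED_MOD_JK_VERSION"
}

# installed_mod_jk_versions: print installed versions by reading Portage's
# package database, which records each installed package as a directory
# /var/db/pkg/<category>/<name>-<version>/ (assumed layout; prints nothing
# on a host without the package or without Portage).
installed_mod_jk_versions() {
    for d in /var/db/pkg/www-apache/mod_jk-*; do
        [ -d "$d" ] && printf '%s\n' "${d##*/mod_jk-}"
    done
    return 0
}

# report_mod_jk [VERSION]: print a verdict for the given version, or for
# every installed version when none is given. Always returns 0 so it can be
# sourced from a larger script without aborting it under set -e.
report_mod_jk() {
    if [ -n "${1-}" ]; then
        versions=$1
    else
        versions=$(installed_mod_jk_versions)
    fi
    if [ -z "$versions" ]; then
        echo "www-apache/mod_jk: not installed (not affected by GLSA-200906-04)"
        return 0
    fi
    for v in $versions; do
        if mod_jk_vulnerable "$v"; then
            echo "www-apache/mod_jk-$v: VULNERABLE, upgrade to >=$FIXED_MOD_JK_VERSION (GLSA-200906-04)"
        else
            echo "www-apache/mod_jk-$v: not affected by GLSA-200906-04"
        fi
    done
    return 0
}

# Usage: sh check_mod_jk.sh [VERSION]; with no argument the installed
# versions are read from /var/db/pkg.
report_mod_jk "${1-}"
```

Run as `sh check_mod_jk.sh 1.2.26-r1` to check a known version string, or with no argument on a Gentoo host to check what Portage has installed. Like the scanner's local check, this only confirms that the package was upgraded; it does not tell you whether the running Apache has been restarted to load the new module.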

Risk factor:

Low / CVSS Base Score: 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N: exploitable over the network without authentication, but with high access complexity because success depends on request timing, and with partial impact on confidentiality only)