Vulnerability Solutions

The WatchMouse periodic vulnerability scan checks for the vulnerability below. To see the vulnerability solutions most recently added to the WatchMouse scan, go to the Vulnerability Solutions overview.

Category: Gentoo Local Security Checks
Risk factor: Low
Added: 1 jui 2009
Synopsis:

The remote host is missing the GLSA-200906-04 security update.

Description:

The remote host is affected by the vulnerability described in GLSA-200906-04 (Apache Tomcat JK Connector: Information disclosure)


The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the "Content-Length" header while not providing data and (2) clients sending repeated requests very quickly.

Impact

A remote attacker could send specially crafted requests or a large number of requests at a time, possibly resulting in the disclosure of a response intended for another client.

Workaround

There is no known workaround at this time.

See also:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519
http://www.gentoo.org/security/en/glsa/glsa-200906-04.xml

Solution:

All Apache Tomcat JK Connector users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.27"

Risk factor:

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)