Vulnerability Solutions

WatchMouse's periodic Vulnerability Scan checks for the vulnerabilities listed below. To view the most recent vulnerability solutions scanned by WatchMouse, visit the Vulnerability Solutions overview page.

Category: Gentoo Local Security Checks
Risk factor: Low
Added on: 1 Jul 2009
Synopsis:

The remote host is missing the GLSA-200906-04 security update.

Description:

The remote host is affected by the vulnerability described in GLSA-200906-04 (Apache Tomcat JK Connector: Information disclosure)


The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the "Content-Length" header while not providing data and (2) clients sending repeated requests very quickly.

Impact

A remote attacker could send specially crafted requests or a large number of requests at a time, possibly resulting in the disclosure of a response intended for another client.

Workaround

There is no known workaround at this time.

See also:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519
http://www.gentoo.org/security/en/glsa/glsa-200906-04.xml

Solution:

All Apache Tomcat JK Connector users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_jk-1.2.27"

Risk factor:

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)