Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2008-5519
Last Modified 04 May 2010 01:36:44
Published 09 Apr 2009 11:08:35
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-5519

Summary

The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.

Vulnerable Systems

Application

  • Apache Mod Jk 1.2

  • Apache Mod Jk 1.2.1

  • Apache Mod Jk 1.2.10

  • Apache Mod Jk 1.2.11

  • Apache Mod Jk 1.2.12

  • Apache Mod Jk 1.2.13

  • Apache Mod Jk 1.2.14

  • Apache Mod Jk 1.2.14.1

  • Apache Mod Jk 1.2.15

  • Apache Mod Jk 1.2.16

  • Apache Mod Jk 1.2.17

  • Apache Mod Jk 1.2.18

  • Apache Mod Jk 1.2.19

  • Apache Mod Jk 1.2.20

  • Apache Mod Jk 1.2.21

  • Apache Mod Jk 1.2.22

  • Apache Mod Jk 1.2.23

  • Apache Mod Jk 1.2.24

  • Apache Mod Jk 1.2.25

  • Apache Mod Jk 1.2.26

  • Apache Mod Jk 1.2.6

  • Apache Mod Jk 1.2.7

  • Apache Mod Jk 1.2.8

  • Apache Mod Jk 1.2.9

  • Apache Tomcat 4.0.0

  • Apache Tomcat 4.0.1

  • Apache Tomcat 4.0.2

  • Apache Tomcat 4.0.3

  • Apache Tomcat 4.0.4

  • Apache Tomcat 4.0.5

  • Apache Tomcat 4.0.6

  • Apache Tomcat 4.1.0

  • Apache Tomcat 4.1.1

  • Apache Tomcat 4.1.10

  • Apache Tomcat 4.1.11

  • Apache Tomcat 4.1.12

  • Apache Tomcat 4.1.13

  • Apache Tomcat 4.1.14

  • Apache Tomcat 4.1.15

  • Apache Tomcat 4.1.16

  • Apache Tomcat 4.1.17

  • Apache Tomcat 4.1.18

  • Apache Tomcat 4.1.19

  • Apache Tomcat 4.1.2

  • Apache Tomcat 4.1.20

  • Apache Tomcat 4.1.21

  • Apache Tomcat 4.1.22

  • Apache Tomcat 4.1.23

  • Apache Tomcat 4.1.24

  • Apache Tomcat 4.1.25

  • Apache Tomcat 4.1.26

  • Apache Tomcat 4.1.27

  • Apache Tomcat 4.1.28

  • Apache Tomcat 4.1.29

  • Apache Tomcat 4.1.3

  • Apache Tomcat 4.1.30

  • Apache Tomcat 4.1.31

  • Apache Tomcat 4.1.32

  • Apache Tomcat 4.1.33

  • Apache Tomcat 4.1.34

  • Apache Tomcat 4.1.35

  • Apache Tomcat 4.1.36

  • Apache Tomcat 4.1.4

  • Apache Tomcat 4.1.5

  • Apache Tomcat 4.1.6

  • Apache Tomcat 4.1.7

  • Apache Tomcat 4.1.8

  • Apache Tomcat 4.1.9

  • Apache Tomcat 5.0.0

  • Apache Tomcat 5.0.1

  • Apache Tomcat 5.0.10

  • Apache Tomcat 5.0.11

  • Apache Tomcat 5.0.12

  • Apache Tomcat 5.0.13

  • Apache Tomcat 5.0.14

  • Apache Tomcat 5.0.15

  • Apache Tomcat 5.0.16

  • Apache Tomcat 5.0.17

  • Apache Tomcat 5.0.18

  • Apache Tomcat 5.0.19

  • Apache Tomcat 5.0.2

  • Apache Tomcat 5.0.21

  • Apache Tomcat 5.0.22

  • Apache Tomcat 5.0.23

  • Apache Tomcat 5.0.24

  • Apache Tomcat 5.0.25

  • Apache Tomcat 5.0.26

  • Apache Tomcat 5.0.27

  • Apache Tomcat 5.0.28

  • Apache Tomcat 5.0.29

  • Apache Tomcat 5.0.3

  • Apache Tomcat 5.0.30

  • Apache Tomcat 5.0.4

  • Apache Tomcat 5.0.5

  • Apache Tomcat 5.0.6

  • Apache Tomcat 5.0.7

  • Apache Tomcat 5.0.8

  • Apache Tomcat 5.0.9

  • Apache Tomcat 5.5.0

  • Apache Tomcat 5.5.1

  • Apache Tomcat 5.5.10

  • Apache Tomcat 5.5.11

  • Apache Tomcat 5.5.12

  • Apache Tomcat 5.5.13

  • Apache Tomcat 5.5.14

  • Apache Tomcat 5.5.15

  • Apache Tomcat 5.5.16

  • Apache Tomcat 5.5.17

  • Apache Tomcat 5.5.18

  • Apache Tomcat 5.5.19

  • Apache Tomcat 5.5.2

  • Apache Tomcat 5.5.20

  • Apache Tomcat 5.5.21

  • Apache Tomcat 5.5.22

  • Apache Tomcat 5.5.23

  • Apache Tomcat 5.5.24

  • Apache Tomcat 5.5.25

  • Apache Tomcat 5.5.26

  • Apache Tomcat 5.5.27

  • Apache Tomcat 5.5.3

  • Apache Tomcat 5.5.4

  • Apache Tomcat 5.5.5

  • Apache Tomcat 5.5.6

  • Apache Tomcat 5.5.7

  • Apache Tomcat 5.5.8

  • Apache Tomcat 5.5.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=490201

VUPEN - ADV-2009-0973

BID - 34412

BUGTRAQ - 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

REDHAT - RHSA-2009:0446

MLIST - [oss-security] 20090408 CVE-2008-5519: mod_jk session information leak vulnerability

DEBIAN - DSA-1810

CONFIRM - http://tomcat.apache.org/security-jk.html

CONFIRM - http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

CONFIRM - http://svn.eu.apache.org/viewvc?view=rev&revision=702540

CONFIRM - http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540

CONFIRM - http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h

SUNALERT - 262468

SECTRACK - 1022001

SECUNIA - 35537

SECUNIA - 34621

SECUNIA - 29283

MLIST - [tomcat-dev] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

MLIST - [www-announce] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

SUSE - SUSE-SR:2009:018


Last Updated: 27 May 2016 10:48:50