2.6
CVSSv2

CVE-2008-5519

Published: 09/04/2009 Updated: 13/02/2023
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Summary

The JK Connector (aka mod_jk) 1.2.0 up to and including 1.2.26 in Apache Tomcat allows remote malicious users to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

apache mod jk 1.2.11

apache mod jk 1.2.25

apache mod jk 1.2.9

apache mod jk 1.2.19

apache mod jk 1.2.23

apache mod jk 1.2.16

apache mod jk 1.2.6

apache mod jk 1.2.17

apache mod jk 1.2.24

apache mod jk 1.2.22

apache mod jk 1.2

apache mod jk 1.2.13

apache mod jk 1.2.8

apache mod jk 1.2.10

apache mod jk 1.2.7

apache mod jk 1.2.20

apache mod jk 1.2.21

apache mod jk 1.2.1

apache mod jk 1.2.15

apache mod jk 1.2.12

apache mod jk 1.2.14.1

apache mod jk 1.2.14

apache mod jk 1.2.18

apache mod jk 1.2.26

apache tomcat 5.5.27

apache tomcat 4.1.2

apache tomcat 4.0.4

apache tomcat 4.1.35

apache tomcat 4.1.36

apache tomcat 4.1.9

apache tomcat 5.5.18

apache tomcat 5.0.8

apache tomcat 5.0.19

apache tomcat 4.1.21

apache tomcat 5.5.12

apache tomcat 5.0.14

apache tomcat 5.5.14

apache tomcat 4.1.24

apache tomcat 5.5.10

apache tomcat 5.0.22

apache tomcat 5.5.4

apache tomcat 5.5.7

apache tomcat 5.5.1

apache tomcat 5.0.7

apache tomcat 5.5.11

apache tomcat 4.1.25

apache tomcat 5.5.6

apache tomcat 5.5.26

apache tomcat 5.0.9

apache tomcat 4.1.4

apache tomcat 5.0.15

apache tomcat 5.0.30

apache tomcat 5.5.20

apache tomcat 5.5.15

apache tomcat 5.0.23

apache tomcat 5.0.2

apache tomcat 5.5.5

apache tomcat 5.0.10

apache tomcat 4.1.27

apache tomcat 4.1.30

apache tomcat 4.1.7

apache tomcat 4.1.11

apache tomcat 5.0.21

apache tomcat 5.0.26

apache tomcat 5.5.21

apache tomcat 4.1.18

apache tomcat 5.5.22

apache tomcat 4.1.14

apache tomcat 4.1.19

apache tomcat 5.0.0

apache tomcat 5.0.6

apache tomcat 4.1.31

apache tomcat 5.5.3

apache tomcat 5.0.27

apache tomcat 4.1.16

apache tomcat 4.1.29

apache tomcat 5.0.16

apache tomcat 4.1.22

apache tomcat 4.0.6

apache tomcat 4.1.5

apache tomcat 4.1.26

apache tomcat 4.1.13

apache tomcat 4.1.8

apache tomcat 5.5.9

apache tomcat 4.0.3

apache tomcat 5.5.25

apache tomcat 5.0.18

apache tomcat 4.1.17

apache tomcat 4.0.1

apache tomcat 5.5.2

apache tomcat 5.0.5

apache tomcat 5.0.28

apache tomcat 5.0.29

apache tomcat 4.1.33

apache tomcat 5.5.0

apache tomcat 4.1.1

apache tomcat 5.5.13

apache tomcat 5.5.24

apache tomcat 4.1.12

apache tomcat 4.1.28

apache tomcat 5.0.13

apache tomcat 4.1.15

apache tomcat 4.1.3

apache tomcat 4.1.10

apache tomcat 5.5.8

apache tomcat 5.0.17

apache tomcat 5.5.16

apache tomcat 4.1.0

apache tomcat 4.1.20

apache tomcat 4.0.2

apache tomcat 5.5.17

apache tomcat 5.5.19

apache tomcat 4.0.5

apache tomcat 4.1.23

apache tomcat 4.0.0

apache tomcat 4.1.34

apache tomcat 5.0.4

apache tomcat 4.1.32

apache tomcat 5.0.25

apache tomcat 5.0.1

apache tomcat 5.0.11

apache tomcat 5.5.23

apache tomcat 4.1.6

apache tomcat 5.0.3

apache tomcat 5.0.24

apache tomcat 5.0.12

Vendor Advisories

Debian Bug report logs - #523054 libapache2-mod-jk: [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk Package: libapache2-mod-jk; Maintainer for libapache2-mod-jk is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for libapache2-mod-jk is src:libapache-mod-jk (PTS, buildd, popcon) Reported by: "Da ...

References

CWE-200http://www.securityfocus.com/bid/34412http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.htmlhttp://secunia.com/advisories/34621http://securitytracker.com/id?1022001http://marc.info/?l=tomcat-dev&m=123913700700879https://bugzilla.redhat.com/show_bug.cgi?id=490201http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540http://svn.eu.apache.org/viewvc?view=rev&revision=702540http://tomcat.apache.org/security-jk.htmlhttp://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=hhttp://www.vupen.com/english/advisories/2009/0973http://www.openwall.com/lists/oss-security/2009/04/08/10http://www.redhat.com/support/errata/RHSA-2009-0446.htmlhttp://www.debian.org/security/2009/dsa-1810http://secunia.com/advisories/29283http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.htmlhttp://secunia.com/advisories/35537http://www.securityfocus.com/archive/1/502530/100/0/threadedhttps://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3Ehttp://mail-archives.apache.org/mod_mbox/www-announce/200904.mbox/%3C49DBBAC0.2080400%40apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523054https://nvd.nist.govhttps://www.securityfocus.com/bid/34412