-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vulnerability announcement: CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability Severity: important Vendor: The Apache Software Foundation Versions Affected: mod_jk 1.2.0 to 1.2.26 Description: Situations where faulty clients set Content-Length without providing data, or where a user submits repeated requests very quickly may permit one user to view the response associated with a different user's request. Mitigation: Upgrade to mod_jk 1.2.27 or later Example: See description Credit: This issue was discovered by the Red Hat Security Response Team References: http://tomcat.apache.org/security.html http://tomcat.apache.org/security-jk.html The Apache Tomcat Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ27rAb7IeiTPGAkMRAlsDAJ9qqKPiFnh+rxaxzMZmKIFA5Q5r5QCg2N84 OzL54gpA6e272kokWjK4wZU= =GKVO -----END PGP SIGNATURE-----
