Candidate: CVE-2008-5519
PublicDate: 2009-04-09 15:08:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5519
 http://tomcat.apache.org/security-jk.html
Description:
 The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows
 remote attackers to obtain sensitive information via an arbitrary request
 from an HTTP client, in opportunistic circumstances involving (1) a request
 from a different client that included a Content-Length header but no POST
 data or (2) a rapid series of requests, related to noncompliance with the
 AJP protocol's requirements for requests containing Content-Length headers.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_libapache-mod-jk:
upstream_libapache-mod-jk: released (1:1.2.26-2.1)
dapper_libapache-mod-jk: ignored (reached end-of-life)
hardy_libapache-mod-jk: ignored (reached end-of-life)
intrepid_libapache-mod-jk: released (1:1.2.26-2+lenny1build0.8.10.1)
jaunty_libapache-mod-jk: released (1:1.2.26-2+lenny1build0.9.04.1)
karmic_libapache-mod-jk: not-affected (1:1.2.26-2.1)
lucid_libapache-mod-jk: not-affected (1:1.2.26-2.1)
maverick_libapache-mod-jk: not-affected (1:1.2.26-2.1)
natty_libapache-mod-jk: not-affected (1:1.2.26-2.1)
oneiric_libapache-mod-jk: not-affected (1:1.2.26-2.1)
devel_libapache-mod-jk: not-affected (1:1.2.26-2.1)