CVE-2008-5519
libapache-mod-jk - information
EPSS 4.6%
Description
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
How to fix CVE-2008-5519
To remediate CVE-2008-5519, upgrade the affected package to one of the fixed versions listed below.
- Debian/libapache-mod-jk—upgrade to 1:1.2.26-2.1 or later
- —upgrade to 1:1.2.18-3etch2 or later
Is CVE-2008-5519 being exploited?
Low — EPSS is 4.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:1.2.26-2.1
- from 0, < 1:1.2.18-3etch2