This script is Copyright (C) 2010-2011 Tenable Network Security, Inc.
The remote web server is prone to an information disclosure attack.

Based on the version in the Server response header, the installation
of the JK Connector (aka mod_jk) in Apache Tomcat listening on the
remote host is a version of 1.2.x before 1.2.27. Such versions
reportedly may allow a remote attacker to view the response associated
with a different user's request either by sending a request with a
Content-Length but without any data or by sending repeated requests

Note that Nessus did not actually test for the flaw but instead has
relied on the version in the Server response header so this may be a

See also :

Upgrade to mod_jk 1.2.27 or later.
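
The banner-based check described above can be reproduced against collected Server headers. The following is an added example, not the Nessus plugin's code; the sample header values are constructed, and the function and verdict names are hypothetical.

```python
import re

FIXED = (1, 2, 27)  # first fixed release, per the solution above

# mod_jk adds a "mod_jk/<version>" product token to the Server header.
TOKEN = re.compile(r"\bmod_jk/(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def classify(server_header):
    """Return (verdict, version) for one Server response header value.

    Verdicts (hypothetical names): "flagged", "not_flagged", "unknown".
    A "flagged" result is a version match only, not proof of the flaw.
    """
    if not server_header:
        return ("unknown", None)
    m = TOKEN.search(server_header)
    if m is None:
        # No token: mod_jk not loaded, or the banner is trimmed
        # (for example by ServerTokens Prod), so nothing can be concluded.
        return ("unknown", None)
    # Compare as integer tuples; string comparison would rank 1.2.9 above 1.2.27.
    version = tuple(int(part) for part in m.groups())
    if version[:2] == (1, 2) and version < FIXED:
        return ("flagged", version)
    return ("not_flagged", version)


# Constructed sample banners for illustration.
SAMPLES = [
    "Apache/2.2.3 (CentOS) mod_jk/1.2.26",
    "Apache/2.2.8 (Unix) mod_jk/1.2.9-dev",
    "Apache/2.2.11 (Unix) mod_jk/1.2.27",
    "Apache",
]


def report(headers):
    """Map each header string to its (verdict, version) pair."""
    return {h: classify(h) for h in headers}


if __name__ == "__main__":
    for header, (verdict, version) in report(SAMPLES).items():
        shown = ".".join(map(str, version)) if version else "-"
        print(f"{verdict:12} {shown:8} {header}")
```

Hosts that come back "unknown" need the installed mod_jk version confirmed on the server itself, since the banner carries no version to compare.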
Risk factor :
Low / CVSS Base Score : 2.6
CVSS Temporal Score : 2.1
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 46885
Bugtraq ID: 34412
CVE ID: CVE-2008-5519