Apache TomCat mod_jk < 1.2.27 Cross-user Information Disclosure

Log Correlation Engine Plugin ID 800629 (Severity: Low)


The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.


mod_jk is reported vulnerable to an information disclosure flaw due to the way it processes 'Content-Length' headers. Allegedly, an attacker who supplies a NULL Content-Length can view the HTTP responses of other requests. An attacker exploiting this flaw could possibly gain access to confidential data.


Upgrade to version 1.2.27 or higher.

Plugin Details

Severity: Low

ID: 800629

File Name: 800629.prm

Family: Web Servers

Risk Information

Risk Factor: Low


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Reference Information

CVE: CVE-2008-5519

BID: 34412