Hi, We are also getting this error in mod_proxy_ajp (2.2.11 on Windows)
Anyone know if this is the same fix? https://issues.apache.org/bugzilla/show_bug.cgi?id=46949 Seems to be fixed. /Jakob On Tue, Apr 7, 2009 at 10:42 PM, Mark Thomas <ma...@apache.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Vulnerability announcement: > CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability > > Severity: important > > Vendor: The Apache Software Foundation > > Versions Affected: > mod_jk 1.2.0 to 1.2.26 > > Description: > Situations where faulty clients set Content-Length without providing > data, or where a user submits repeated requests very quickly may permit > one user to view the response associated with a different user's request. > > Mitigation: > Upgrade to mod_jk 1.2.27 or later > > Example: > See description > > Credit: > This issue was discovered by the Red Hat Security Response Team > > References: > http://tomcat.apache.org/security.html > http://tomcat.apache.org/security-jk.html > > The Apache Tomcat Security Team > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFJ27rAb7IeiTPGAkMRAlsDAJ9qqKPiFnh+rxaxzMZmKIFA5Q5r5QCg2N84 > OzL54gpA6e272kokWjK4wZU= > =GKVO > -----END PGP SIGNATURE----- > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Jakob Ericsson, JAKERI AB Tel. +46 704 533 627 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org