[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2008-5519: mod_jk session information leak vulnerability
From: Vincent Danen <vdanen () redhat ! com>
Date: 2009-04-08 18:23:15
Message-ID: 20090408182315.GA19549 () redhat ! com
[Download RAW message or body]
Just a heads up for those of you shipping mod_jk. There is a session
leak vulnerability where, in certain circumstances, client A can get the
responses intended for client B.
This was fixed upstream in version 1.2.27 but the security ramifications
weren't known at that point.
https://bugzilla.redhat.com/show_bug.cgi?id=490201
Our bug has a few more details.
http://svn.eu.apache.org/viewvc?view=rev&revision=702540
This is the upstream fix for the issue.
The issue has the CVE name CVE-2008-5519.
--
Vincent Danen / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic