CVE-2008-5519
PUBLISHED
CVSS 2.6 LOW
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
EPSS 4.56% · 89.4th percentile
Risk Scores
CVSS 2.0: 2.6
EPSS Score: 4.56% (89.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| apache | tomcat | 5.5.20, 5.5.9, 5.5.10 |
| apache | mod_jk | 1.2, 1.2.1, 1.2.6 |
Exploit Intelligence
- [tomcat-dev] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability (circl)
- [tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ (circl)
- http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html (circl)
- 34621 (circl)
- SUSE-SR:2009:018 (circl)
- 1022001 (circl)
- 34412 (circl)
- [oss-security] 20090408 CVE-2008-5519: mod_jk session information leak vulnerability (circl)
- http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h (circl)
- RHSA-2009:0446 (circl)
…and 16 more exploits
Timeline
- Apr 9, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- http://securitytracker.com/id?1022001 technical
- http://secunia.com/advisories/34621 advisory
- ADV-2009-0973 vdb
- http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html url
- SUSE-SR:2009:018 vendor-advisory
- 34412 vdb
- [oss-security] 20090408 CVE-2008-5519: mod_jk session information leak vulnerability mailing-list
- http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h url
- RHSA-2009:0446 vendor-advisory
- [www-announce] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability mailing-list
- http://svn.eu.apache.org/viewvc?view=rev&revision=702540 url
- [tomcat-dev] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability mailing-list
- 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability mailing-list
- https://bugzilla.redhat.com/show_bug.cgi?id=490201 url
- 29283 third-party-advisory
- http://tomcat.apache.org/security-jk.html url
- 35537 third-party-advisory
- DSA-1810 vendor-advisory
- 262468 vendor-advisory
- http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540 url
…and 14 more