PT-2009-1293 · Apache · Connector/J
Published: 2009-04-09 · Updated: 2024-06-15 · CVE-2008-5519
CVSS v2.0: 2.6 (Low)
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
JK Connector (aka mod_jk) versions 1.2.0 through 1.2.26
Description
The issue allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client under certain circumstances, including when a request from a different client includes a Content-Length header but no POST data, or when there is a rapid series of requests. This is related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
Recommendations
For JK Connector (aka mod_jk) versions 1.2.0 through 1.2.26, consider updating to a version outside of this range to resolve the issue. As a temporary workaround, restrict access to the AJP protocol to minimize the risk of exploitation. Avoid using the Content-Length header in requests to the affected connector until the issue is resolved.
Information Disclosure
Affected Products
Connector/J