
Ruediger Pluem

#33184 of 53,632
7.8 Total CVSS
Vulnerabilities · 1
PT-2007-1473
7.8
2007-04-25
Apache · Apache Tomcat · CVE-2006-7197
**Name of the Vulnerable Software and Affected Versions**

Apache Tomcat version 5.5.15

**Description**

The issue is related to the AJP connector in Apache Tomcat, which uses an incorrect length for chunks. This can cause a buffer over-read in the `ajp_process_callback` function in mod_jk, allowing remote attackers to read portions of sensitive memory.

**Recommendations**

For Apache Tomcat version 5.5.15, consider disabling the AJP connector as a temporary workaround until a patch is available. Restrict access to the mod_jk module to minimize the risk of exploitation.