cbcvebase.
CVE-2008-5519
published 2009-04-09

CVE-2008-5519: The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an…

PriorityP423low2.6CVSS 2.0
AVNACHAuNCPINAN
EPSS
7.26%
93.6th percentile
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.

Affected

127 ranges· showing 25
VendorProductVersion rangeFixed in
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachemod_jk
apachetomcat

CVSS provenance

nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
osv2.6LOW
vendor_debian2.6LOW
vendor_redhat2.6LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.