CVSS: 2.6EPSS: 0%CPEs: 128EXPL: 1CVE-2008-5519 – mod_jk: session information leak
https://notcve.org/view.php?id=CVE-2008-5519
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. El conector JK (tambien conocido como mod_jk) v1.2.0 hasta la v1.2.26 en Apache Tomcat permite a atacantes remotos obtener información sensible a través de una petición arbitraria desde un cliente HTTP, en circunstancias oportunas implicando (1) una petición desde distintos clientes que incluyan una cabecera con el campo longitud de contenido, pero sin datos en POST, o (2) una serie de peticiones rápidas, relativo a la no conformidad con los requerimientos del protocolo AJP para peticiones que contengan cabeceras con el campo longitud del contenido. • http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://mail-archives.apache.org/mod_mbox/www-announce/200904.mbox/%3C49DBBAC0.2080400%40apache.org%3E http://marc.info/?l=tomcat-dev&m=123913700700879 http://secunia.com/advisories/29283 http://secunia.com/advisories/34621 http://secunia.com/advisories/35537 http://securitytracker.com/id?1022001 http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1 http://svn.eu.apache.org/viewvc/tomcat/connector • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 10%CPEs: 5EXPL: 2CVE-2007-6258 – Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow
https://notcve.org/view.php?id=CVE-2007-6258
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header. Múltiples desbordamientos de búfer basados en pila en el módulo de Apache legacy mod_jk2 2.0.3-DEV y anteriores permiten a atacantes remotos ejecutar código de su elección a través de una (1) cabecera Host larga o (2) Hostname dentro de una cabecera Host larga. • https://www.exploit-db.com/exploits/5386 http://securityreason.com/securityalert/3661 http://www.ioactive.com/pdfs/mod_jk2.pdf http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf http://www.kb.cert.org/vuls/id/771937 http://www.securityfocus.com/archive/1/487983/100/100/threaded http://www.securityfocus.com/bid/27752 http://www.vupen.com/english/advisories/2008/0572 https://www.exploit-db.com/exploits/5330 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •