CVE-2008-5519: mod_jk session information leak vulnerability

[Vincent Danen <vdanen () redhat com>]

Just a heads up for those of you shipping mod_jk.  There is a session
leak vulnerability where, in certain circumstances, client A can get the
responses intended for client B.

This was fixed upstream in version 1.2.27 but the security ramifications
weren't known at that point.

https://bugzilla.redhat.com/show_bug.cgi?id=490201

Our bug has a few more details.

http://svn.eu.apache.org/viewvc?view=rev&revision=702540

This is the upstream fix for the issue.

The issue has the CVE name CVE-2008-5519.

--
Vincent Danen / Red Hat Security Response Team