Similar to RHSA-2007:0380, Red Hat has announced RHSA-2007:0379 relating to mod_jk for Red Hat Application Stack 1.1. An attacker could construct a carefully crafted packet to circumvent content restrictions if Tomcat was used behind mod_jk and configured to only proxy some contexts (CVE-2007-1860). The Red Hat Security Response Team has rated this update as having important security impact. More detailed information can be found on the Red Hat Network.
Get Slaptijack updates delivered to your Inbox or RSS Reader for free!
Leave a Reply