The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tomcat | Apache | 5.5.15 (including) | 5.5.15 (including) |