The AJP connector of Tomcat 5.5.15 contained a bug that sometimes set too long a length for the chunks delivered by send_body_chunks AJP messages. This has meanwhile been fixed by http://svn.apache.org/viewcvs.cgi?rev=381505&view=rev. A bug of this type can cause mod_jk to read beyond buffer boundaries and thus reveal sensitive memory information to a client. The attached patch against mod_jk 1.2.15 adds a sanity check to prevent mod_jk from reading beyond buffer boundaries in such cases. This protects mod_jk against buggy or malicious AJP servers in the backend.
Created attachment 17837: Patch against mod_jk 1.2.15
Committed. Thanks!
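The kind of sanity check described in the report, as an added example that is neither the attached patch nor mod_jk's own code. It assumes a simplified AJP13 send_body_chunks layout ('A' 'B' magic, 2-byte payload length, prefix code 3, 2-byte chunk length, chunk data); the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define AJP13_SEND_BODY_CHUNK 3   /* prefix code of a body chunk message */
#define AJP_HDR_LEN 4             /* 'A' 'B' + 2-byte payload length */

/* Returns 0 and sets chunk/chunk_len on success, -1 on a malformed message.
 * buf_len is the number of bytes actually received into msg. */
static int parse_send_body_chunk(const unsigned char *msg, size_t buf_len,
                                 const unsigned char **chunk, size_t *chunk_len)
{
    size_t payload_len, claimed;

    if (buf_len < AJP_HDR_LEN + 3 || msg[0] != 'A' || msg[1] != 'B')
        return -1;
    payload_len = ((size_t)msg[2] << 8) | msg[3];
    if (payload_len < 3 || payload_len > buf_len - AJP_HDR_LEN)
        return -1;                      /* header overstates the payload */
    if (msg[4] != AJP13_SEND_BODY_CHUNK)
        return -1;
    claimed = ((size_t)msg[5] << 8) | msg[6];
    /* The sanity check: the chunk must fit in the payload that was received. */
    if (claimed > payload_len - 3)
        return -1;
    *chunk = msg + AJP_HDR_LEN + 3;
    *chunk_len = claimed;
    return 0;
}

/* Convenience wrapper: chunk length, or -1 if the message is rejected. */
static long checked_chunk_len(const unsigned char *msg, size_t buf_len)
{
    const unsigned char *chunk;
    size_t n;
    return parse_send_body_chunk(msg, buf_len, &chunk, &n) == 0 ? (long)n : -1;
}

/* Constructed samples: SAMPLE_BAD claims a 4096-byte chunk in an 8-byte payload. */
static const unsigned char SAMPLE_OK[]  = {'A','B',0x00,0x08, 3, 0x00,0x05, 'h','e','l','l','o'};
static const unsigned char SAMPLE_BAD[] = {'A','B',0x00,0x08, 3, 0x10,0x00, 'h','e','l','l','o'};

int main(void)
{
    printf("ok=%ld bad=%ld\n", checked_chunk_len(SAMPLE_OK, sizeof SAMPLE_OK),
           checked_chunk_len(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

Without the `claimed > payload_len - 3` comparison, forwarding `claimed` bytes from `SAMPLE_BAD` to the client would copy memory that lies past the received message.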