An information disclosure flaw was found in mod_jk, the Tomcat Connector module for Apache. If a buggy client included the "Content-Length" header without providing request body data, or if a client sent repeated equests very quickly, one client could obtain a response intended for another client. For the stable distribution , this problem has been fixed in version 1:1.2.26-2+lenny1. The oldstable distribution , this problem has been fixed in version 1:1.2.18-3etch2. For the testing distribution and the unstable distribution , this problem has been fixed in version 1:1.2.26-2.1. We recommend that you upgrade your libapache-mod-jk packages.