FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_jk -- information disclosure

Affected packages
ap22-mod_jk < 1.2.41,1
ap24-mod_jk < 1.2.41,1

Details

VuXML ID 47aa4343-44fa-11e5-9daa-14dae9d210b8
Discovery 2015-01-15
Entry 2015-08-17

NIST reports:

Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

[source]

References

CVE Name CVE-2014-8111
URL http://readlist.com/lists/tomcat.apache.org/users/27/135512.html
URL http://www.cvedetails.com/cve/CVE-2014-8111/
URL https://www.mail-archive.com/users@tomcat.apache.org/msg118949.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.