mod_jk -- information disclosure

2007-05-18T00:00:00
ID D9405748-1342-11DC-A35C-001485AB073E
Type freebsd
Reporter FreeBSD
Modified 2007-10-31T00:00:00

Description

Kazu Nambo reports:

URL decoding the the Apache webserver prior to decoding in the Tomcat server could pypass access control rules and give access to pages on a different AJP by sending a crafted URL.