UbuntuUSN-6826-1mod_jk vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
38.8%
Releases
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- libapache-mod-jk - Apache 2 connector for the Tomcat Java servlet engine
Details
Karl von Randow discovered that mod_jk was vulnerable to an authentication
bypass. If the configuration did not provide explicit mounts for all
possible proxied requests, an attacker could possibly use this
vulnerability to bypass security constraints configured in httpd.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.10 | noarch | libapache2-mod-jk | < 1:1.2.48-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libapache-mod-jk-doc | < 1:1.2.48-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libapache2-mod-jk-dbgsym | < 1:1.2.48-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libapache2-mod-jk | < 1:1.2.48-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libapache-mod-jk-doc | < 1:1.2.48-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libapache2-mod-jk-dbgsym | < 1:1.2.48-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | libapache2-mod-jk | < 1:1.2.46-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | libapache-mod-jk-doc | < 1:1.2.46-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | libapache2-mod-jk-dbgsym | < 1:1.2.46-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libapache2-mod-jk | < 1:1.2.43-1ubuntu0.1~esm1 | UNKNOWN |
References
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
38.8%