18 matches found
SUSE: Security Advisory (SUSE-SU-2018:3970-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:1851-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES11 Security Update : apache2-mod_jk (SUSE-SU-2018:3970-1)
This update for apache2-modjk fixes the following issues : Security issues fixed : CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd bsc1114612. CVE-2014-8111: Apache Tomcat Connectors modjk ignored JkUnmount rules for subtrees of previous JkMount rules, whic...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.4.0 update (Important) (RHSA-2015:0848)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0848 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 security update
An update for Red Hat JBoss Web Server 2.1.0 that fixes two security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 security update
An update for Red Hat JBoss Web Server 2.1.0 that fixes two security issues is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Updated apache-mod_jk package fixes security vulnerability
An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module modjk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker t...
[SECURITY] [DLA 240-1] libapache-mod-jk security update
Package : libapache-mod-jk Version : 1:1.2.30-1squeeze2 CVE ID : CVE-2014-8111 Debian Bug : 783233 An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module modjk to forward requests from the Apache web server to Tomcat. A JkUnmount...
[SECURITY] [DSA 3278-1] libapache-mod-jk security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3278-1 [email protected] http://www.debian.org/security/ Markus Koschany June 03, 2015 http://www.debian.org/security/faq -...
Debian DSA-3278-1 : libapache-mod-jk - security update
An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module modjk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker t...
[SECURITY] [DSA 3278-1] libapache-mod-jk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3278-1 [email protected] http://www.debian.org/security/ Markus Koschany June 03, 2015 http://www.debian.org/security/faq -...
CVE-2014-8111
CVE-2014-8111 is documented in connected sources as affecting the Apache Tomcat Connectors (mod_jk) before 1.2.41, where JkUnmount rules for subtrees of previous JkMount rules are ignored, enabling a remote attacker to access otherwise restricted artifacts via unspecified vectors. The OpenVAS ent...
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.0 update (Important) (RHSA-2015:0846)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0846 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.0 update (Important) (RHSA-2015:0847)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0847 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact...
Fixed in Apache Tomcat JK Connector 1.2.41
Important: Information disclosure CVE-2014-8111 Multiple adjacent slashes in a request URI were not collapsed to a single slash before comparing the request URI to the configured mount and unmount patterns. It is therefore possible for an attacker to use a request URI containing multiple adjacent...