15 matches found
SUSE CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them...
mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them...
mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them...
Updated apache-mod_jk package fixes security vulnerability
An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module modjk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker t...
Debian DLA-240-1 : libapache-mod-jk security update
An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module modjk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker t...
DLA-240-1 libapache-mod-jk - security update
Bulletin has no description...
[SECURITY] [DSA 3278-1] libapache-mod-jk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3278-1 [email protected] http://www.debian.org/security/ Markus Koschany June 03, 2015 http://www.debian.org/security/faq -...
UBUNTU-CVE-2014-8111
Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...
mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them...
mod_jk sends decoded URL to tomcat
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
DEBIAN-CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
PT-2007-3208 · Apache +1 · Apache Tomcat Jk Web Server Connector +1
Name of the Vulnerable Software and Affected Versions: Apache Tomcat JK Web Server Connector versions 1.2.x through 1.2.22 Description: The issue allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and directory...