EUVD-2014-7957

Malware in sbrugna...

Apache Tomcat JK Connector 1.2.x < 1.2.41 JkUnmount Directive Handling Remote Information Disclosure

The version of Apache Tomcat JK Connector modjk installed on the remote host is version 1.2.x prior to 1.2.41. It is, therefore, affected by an information disclosure vulnerability due to improper handling of the 'JkUnmount' directive and multiple, adjacent slashes in requests. A remote attacker...

mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing

It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them...

mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing

It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 security update

An update for Red Hat JBoss Web Server 2.1.0 that fixes two security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Apache Tomcat JK Connector 1.2.x < 1.2.41 JkUnmount Directive Handling Remote Information Disclosure

Based on the Server response header, the installation of the JK Connector modjk in Apache Tomcat listening on the remote host is version 1.2.x prior to 1.2.41. It is, therefore, affected by an information disclosure vulnerability due to improper handling of the 'JkUnmount' directive and multiple,...

Updated apache-mod_jk package fixes security vulnerability

An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module modjk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker t...

Debian DLA-240-1 : libapache-mod-jk security update

An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module modjk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker t...

DLA-240-1 libapache-mod-jk - security update

Bulletin has no description...

[SECURITY] [DSA 3278-1] libapache-mod-jk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3278-1 [email protected] http://www.debian.org/security/ Markus Koschany June 03, 2015 http://www.debian.org/security/faq -...

CVE-2014-8111

Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...

Design/Logic Flaw

Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...

CVE-2014-8111

Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...

UBUNTU-CVE-2014-8111

Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...

CVE-2014-8111

Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...

CVE-2014-8111

Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact...

mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing

It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact...

mod_jk -- information disclosure

NIST reports: Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...