
46 matches found

Nuclei
added 6 days ago, 49 views

Apache Tomcat JK Connect <=1.2.44 - Manager Access

Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is so...

CVSS 7.5 | AI score 7.4 | EPSS 0.90647
Exploits: 0 | References: 5
OSV
added 2026/06/02 1:16 p.m., 7 views

USN-8369-1 libapache-mod-jk vulnerability

It was discovered that Apache Tomcat Connectors used incorrect default permissions for shared memory on Unix-like systems. A local attacker could possibly use this issue to view or modify mod_jk configuration data in shared memory, resulting in sensitive information exposure or a denial of service...

CVSS 5.9 | AI score 6.3 | EPSS 0.00326
Exploits: 0 | References: 2
SUSE Linux
added 2025/01/16 1:25 p.m., 2 views

Security update for apache2-mod_jk

This update for apache2-mod_jk fixes the following issues: Update to version 1.2.50: CVE-2024-46544: Fixed incorrect default permissions vulnerability that could lead to information disclosure and/or denial of service. bsc1230916 Patch Instructions: To install this SUSE update use the SUSE...

CVSS 6.1 | AI score 7.2 | EPSS 0.00326
Exploits: 0 | References: 4
SUSE Linux
added 2025/01/14 5:12 p.m., 1 views

Security update for apache2-mod_jk

This update for apache2-mod_jk fixes the following issues: Update to version 1.2.50: CVE-2024-46544: Fixed incorrect default permissions vulnerability that could lead to information disclosure and/or denial of service. bsc1230916 CVE-2023-41081: Fixed information disclosure in mod_jk. bsc1215301...

CVSS 6.1 | AI score 7 | EPSS 0.01257
Exploits: 0 | References: 8
RedHat Linux
added 2024/11/06 9:52 a.m., 2 views

mod_jk: information Disclosure / DoS

An Incorrect Default Permissions vulnerability was found in Apache Tomcat Connectors that allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and denial of service...

CVSS 5.9 | AI score 5.8 | EPSS 0.00326
Exploits: 0 | References: 5
RedHat Linux
added 2024/11/06 9:46 a.m., 3 views

mod_jk: information Disclosure / DoS

An Incorrect Default Permissions vulnerability was found in Apache Tomcat Connectors that allows local users to view and modify shared memory containing mod_jk configuration, which may lead to information disclosure and denial of service...

CVSS 5.9 | AI score 5.8 | EPSS 0.00326
Exploits: 0 | References: 5
OpenVAS
added 2024/10/15 12:0 a.m., 16 views

Debian: Security Advisory (DLA-3919-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 7.1 | EPSS 0.00326
Exploits: 0 | References: 2
Debian
added 2024/10/14 7:39 p.m., 12 views

[SECURITY] [DLA 3919-1] libapache-mod-jk security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3919-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 14, 2024 https://wiki.debian.org/LTS -...

CVSS 5.9 | AI score 6.1 | EPSS 0.00326
Exploits: 0
Tenable Nessus
added 2024/10/14 12:0 a.m., 21 views

Debian dla-3919 : libapache-mod-jk-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3919 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3919-1 [email protected] https://www.debian.org/lts/security/...

CVSS 5.9 | AI score 6 | EPSS 0.00326
Exploits: 0 | References: 4
OSV
added 2024/10/14 12:0 a.m., 18 views

DLA-3919-1 libapache-mod-jk - security update

Bulletin has no description...

CVSS 5.9 | AI score 5.8 | EPSS 0.00326
Exploits: 0
BDU FSTEC
added 2024/09/30 12:0 a.m., 4 views

The vulnerability of the mod_jk module of the Apache Tomcat JK Connector allows attackers to disclose sensitive information or cause service failures.

The vulnerability of the JkShmFile directive in the mod_jk module of the Apache Tomcat JK Connector is related to the incorrect use of standard permissions. Exploiting this vulnerability can allow an attacker to disclose information about the mod_jk module or cause service failures...

CVSS 5.9 | AI score 6.2 | EPSS 0.00326
Exploits: 0 | References: 6 | Affected Software: 4
OpenVAS
added 2024/06/12 12:0 a.m., 21 views

Ubuntu: Security Advisory (USN-6826-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.5 | EPSS 0.01257
Exploits: 0 | References: 2
OSV
added 2024/04/10 9:35 a.m., 3 views

SUSE-SU-2024:1198-1 Security update for apache2-mod_jk

This update for apache2-mod_jk fixes the following issues: - Upgrade from version 1.2.40 to 1.2.49 - CVE-2023-41081: Fix an information disclosure issue in mod_jk. bsc1215301...

CVSS 7.5 | AI score 7.2 | EPSS 0.01257
Exploits: 0 | References: 5
VulnCheck KEV
added 2023/12/19 12:0 a.m., 2 views

VulnCheck KEV: CVE-2018-11759

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then...

CVSS 7.5 | AI score 7.2 | EPSS 0.90647
Exploits: 0 | References: 1
OpenVAS
added 2023/09/25 12:0 a.m., 16 views

Debian: Security Advisory (DLA-3580-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8.8 | EPSS 0.01257
Exploits: 0 | References: 4
OSV
added 2023/09/24 12:0 a.m., 24 views

DLA-3580-1 libapache-mod-jk - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.5 | EPSS 0.01257
Exploits: 0
OSV
added 2023/09/13 10:15 a.m., 0 views

UBUNTU-CVE-2023-41081

Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an...

CVSS 7.5 | AI score 5.7 | EPSS 0.01257
Exploits: 0 | References: 6
CNNVD
added 2023/09/13 12:0 a.m., 3 views

Apache Tomcat Security Vulnerability

Apache Tomcat is a lightweight web application server from the Apache Foundation (United States). The program implements support for Servlets and JavaServer Pages (JSP). A security vulnerability exists in Apache Tomcat, which stems from the fact that mod_jk uses an implicit mapping when the...

CVSS 7.5 | AI score 6.6 | EPSS 0.01257
Exploits: 0 | References: 8
OpenVAS
added 2023/03/08 12:0 a.m., 22 views

Debian: Security Advisory (DLA-240-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 5.3 | EPSS 0.07109
Exploits: 0 | References: 2
Debian
added 2020/05/06 8:58 p.m., 108 views

[SECURITY] [DSA 4680-1] tomcat9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4680-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 06, 2020 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 8.4 | EPSS 0.9927
Exploits: 44