EUVD-2023-45601

Malicious code in bioql PyPI...

RockyLinux 9 : mod_jk bug fix update (Moderate) (RLSA-2024:7457)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:7457 advisory. The modjk module is an Apache HTTP Server plug-in that enables the Apache HTTP Server to connect with the Apache Tomcat servlet engine. Bug Fixes: Rebase to...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : mod_jk vulnerability (USN-6826-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6826-1 advisory. Karl von Randow discovered that modjk was vulnerable to an authentication bypass. If the configuration did not provide...

httpd: Apache Tomcat Connectors (mod_jk) Information Disclosure

A vulnerability was found in Apache Tomcat Connectors modjk. Affected versions of this package are vulnerable to information exposure in the modjk component. This flaw allows an attacker to exploit the implicit mapping functionality, resulting in the unintended exposure of the status worker and...

DEBIAN-CVE-2023-41081

Important: Authentication Bypass CVE-2023-41081 The modjk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, modjk would use an...

Authorization Bypass

modjk is vulnerable to authorization bypass attacks. The vulnerability exists as Apache Tomcat Connectors modjk before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors...

mod_jk Chunked Encoding DoS (deprecated)

Binary data 1571.prm...

Apache mod_jk < 1.2.1 Chunked Encoding DoS

Binary data 1510.prm...