Authorization Bypass

2019-01-1509:07:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

mod_jk is vulnerable to authorization bypass attacks. The vulnerability exists as Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

CPENameOperatorVersion
mod_jkeq1.2.36__5.ep6.el6
mod_jkeq1.2.31__1.1.ep5.el5
mod_jkeq1.2.37__2.redhat_1.ep6.el5
mod_jkeq1.2.40__7.redhat_1.ep7.el7
mod_jkeq1.2.37__4.redhat_3.ep6.el5
mod_jkeq1.2.40__2.redhat_1.ep6.el5
mod_jkeq1.2.26__1.el5s2
mod_jkeq1.2.40__3.redhat_2.ep6.el5
mod_jkeq1.2.23__3.el5s2
mod_jkeq1.2.37__2.redhat_1.ep6.el6

Name	Operator	Version
mod_jk	eq	1.2.36__5.ep6.el6
mod_jk	eq	1.2.31__1.1.ep5.el5
mod_jk	eq	1.2.37__2.redhat_1.ep6.el5
mod_jk	eq	1.2.40__7.redhat_1.ep7.el7
mod_jk	eq	1.2.37__4.redhat_3.ep6.el5
mod_jk	eq	1.2.40__2.redhat_1.ep6.el5
mod_jk	eq	1.2.26__1.el5s2
mod_jk	eq	1.2.40__3.redhat_2.ep6.el5
mod_jk	eq	1.2.23__3.el5s2
mod_jk	eq	1.2.37__2.redhat_1.ep6.el6