Download
| Alert*
oval:org.secpod.oval:def:89003068
This update for apache2-mod_jk fixes the following issue: Security issue fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd . oval:org.secpod.oval:def:53480 Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine. The vulnerability is addressed by upgrading mod_jk to the new upstream version 1.2.46, which includes additional changes. https://tomcat.apache.org/c ... oval:org.secpod.oval:def:89002458 This update for apache2-mod_jk fixes the following issue: Security issue fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd . oval:org.secpod.oval:def:89049744 This update for apache2-mod_jk fixes the following issue: Security issue fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd . oval:org.secpod.oval:def:89051133 This update for apache2-mod_jk fixes the following issues: Update to version 1.2.49: Apache * Retrieve default request id from mod_unique_id. It can also be taken from an arbitrary environment variable by configuring "JkRequestIdIndicator". * Don"t delegate the generatation of the response body to h ... oval:org.secpod.oval:def:89002184 This update for apache2-mod_jk fixes the following issues: Security issues fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd . - CVE-2014-8111: Apache Tomcat Connectors ignored JkUnmount rules for subtrees of previous JkMount rules, which allowed remot ... oval:org.secpod.oval:def:2103537 The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it w ... oval:org.secpod.oval:def:603591 Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine. The vulnerability is addressed by upgrading mod_jk to the new upstream version 1.2.46, which includes additional changes. https://tomcat.apache.org/c ... oval:org.secpod.oval:def:1000590 The remote host is missing a patch 152644-07 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000452 The remote host is missing a patch 152643-07 containing a security fix. For more information please visit the reference link. |