DSA-3278-1 -mod-jk -- libapache-mod-jkID: oval:org.secpod.oval:def:602129 | Date: (C)2015-06-08 (M)2023-11-13 |
Class: PATCH | Family: unix |
An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.
Platform: |
Debian 8.x |
Debian 7.x |
Product: |
libapache2-mod-jk |