Source: libapache-mod-jk
Severity: serious 
Tags: security


the following vulnerability was published for libapache-mod-jk.

| Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount
| rules for subtrees of previous JkMount rules, which allows remote
| attackers to access otherwise restricted artifacts via unspecified
| vectors.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

    Please adjust the affected versions in the BTS as needed.

The upstream fix is here:

Feel freet to lower the severiy if you believe the issue to be minor. I'm
not familiar enough with the software to be able to judge.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS:
Learn to master Debian:

This is the maintainer address of Debian's Java team
Please use for discussions and questions.

Reply via email to