The following vulnerability was published for libapache-mod-jk.
| Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount
| rules for subtrees of previous JkMount rules, which allows remote
| attackers to access otherwise restricted artifacts via unspecified
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.
The upstream fix is here: http://svn.apache.org/r1647017
Feel free to lower the severity if you believe the issue to be minor. I'm
not familiar enough with the software to be able to judge.
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
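An audit sketch for the issue reported above, added here as an example and not part of the original report or of the Debian or Apache code: it flags JkUnmount rules that exclude a subtree of an earlier JkMount for the same worker when the mod_jk version is older than 1.2.41. The function names, the sample configuration and the glob-based subtree test are assumptions made for illustration, and the version check expects a plain upstream version string.

```python
import re
from fnmatch import fnmatchcase

FIXED = (1, 2, 41)  # first fixed mod_jk release, per the advisory text above

# Constructed sample httpd configuration (not taken from a real system).
SAMPLE_CONF = """\
JkMount /app/* worker1
JkUnmount /app/admin/* worker1
JkMount /shop/* worker2
JkUnmount /static/* worker2
# JkUnmount /shop/internal/* worker2
"""

RULE = re.compile(r"^\s*(JkMount|JkUnmount)\s+(\S+)\s+(\S+)", re.IGNORECASE)

def parse_rules(conf):
    """Return (directive, url_pattern, worker) tuples in file order; comments are skipped."""
    rules = []
    for line in conf.splitlines():
        m = RULE.match(line)
        if m:
            rules.append((m.group(1).lower(), m.group(2), m.group(3)))
    return rules

def exposed_unmounts(conf):
    """JkUnmount rules that carve a subtree out of an earlier JkMount for the same worker."""
    mounts, hits = [], []
    for directive, pattern, worker in parse_rules(conf):
        if directive == "jkmount":
            mounts.append((pattern, worker))
            continue
        for m_pattern, m_worker in mounts:
            # Assumption: approximate "subtree of" by glob-matching the unmount
            # pattern, taken as a literal path, against the earlier mount pattern.
            if m_worker == worker and pattern != m_pattern and fnmatchcase(pattern, m_pattern):
                hits.append((pattern, m_pattern, worker))
    return hits

def is_affected(version):
    """True when a dotted upstream mod_jk version is older than the fixed release."""
    return tuple(int(p) for p in version.split(".")[:3]) < FIXED

def audit(conf, version):
    """Exclusions that cannot be relied on for the given mod_jk version."""
    return exposed_unmounts(conf) if is_affected(version) else []

if __name__ == "__main__":
    for unmount, mount, worker in audit(SAMPLE_CONF, "1.2.40"):
        print(f"JkUnmount {unmount} relies on exclusion from JkMount {mount} ({worker})")
```

Any rule it reports marks a path whose access restriction should be enforced by another control until the package is upgraded.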