5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
64.4%
Package : libapache-mod-jk
Version : 1:1.2.30-1squeeze2
CVE ID : CVE-2014-8111
Debian Bug : 783233
An information disclosure flaw due to incorrect JkMount/JkUnmount
directives processing was found in the Apache 2 module mod_jk to forward
requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree
of a previous JkMount rule could be ignored. This could allow a remote attacker
to potentially access a private artifact in a tree that would otherwise not be
accessible to them.
For the squeeze distribution, this problem has been fixed in version
1:1.2.30-1squeeze2.
We recommend that you upgrade your libapache-mod-jk packages.
RaphaΓ«l Hertzog β Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | libapache-mod-jk | <Β 1:1.2.30-1squeeze2 | libapache-mod-jk_1:1.2.30-1squeeze2_all.deb |
Debian | 8 | amd64 | libapache2-mod-jk | <Β 1:1.2.37-4+deb8u1 | libapache2-mod-jk_1:1.2.37-4+deb8u1_amd64.deb |
Debian | 6 | all | libapache-mod-jk-doc | <Β 1:1.2.30-1squeeze2 | libapache-mod-jk-doc_1:1.2.30-1squeeze2_all.deb |
Debian | 8 | kfreebsd-amd64 | libapache2-mod-jk | <Β 1:1.2.37-4+deb8u1 | libapache2-mod-jk_1:1.2.37-4+deb8u1_kfreebsd-amd64.deb |
Debian | 8 | armhf | libapache2-mod-jk | <Β 1:1.2.37-4+deb8u1 | libapache2-mod-jk_1:1.2.37-4+deb8u1_armhf.deb |
Debian | 8 | arm64 | libapache2-mod-jk | <Β 1:1.2.37-4+deb8u1 | libapache2-mod-jk_1:1.2.37-4+deb8u1_arm64.deb |
Debian | 7 | all | libapache-mod-jk | <Β 1:1.2.37-1+deb7u1 | libapache-mod-jk_1:1.2.37-1+deb7u1_all.deb |
Debian | 7 | powerpc | libapache2-mod-jk | <Β 1:1.2.37-1+deb7u1 | libapache2-mod-jk_1:1.2.37-1+deb7u1_powerpc.deb |
Debian | 7 | sparc | libapache2-mod-jk | <Β 1:1.2.37-1+deb7u1 | libapache2-mod-jk_1:1.2.37-1+deb7u1_sparc.deb |
Debian | 6 | i386 | libapache2-mod-jk | <Β 1:1.2.30-1squeeze2 | libapache2-mod-jk_1:1.2.30-1squeeze2_i386.deb |