Updated apache-mod_jk package fixes security vulnerability
Publication date: 01 Jul 2015Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8111
Description
An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them (CVE-2014-8111).
References
SRPMS
4/core
- apache-mod_jk-1.2.37-6.2.mga4