Advisories » MGASA-2015-0254

Updated apache-mod_jk package fixes security vulnerability

Publication date: 01 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8111

Description

An information disclosure flaw due to incorrect JkMount/JkUnmount
directives processing was found in the Apache 2 module mod_jk to forward
requests from the Apache web server to Tomcat. A JkUnmount rule for a
subtree of a previous JkMount rule could be ignored. This could allow a
remote attacker to potentially access a private artifact in a tree that
would otherwise not be accessible to them (CVE-2014-8111).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16078
• https://www.debian.org/security/2015/dsa-3278
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8111

SRPMS

4/core

• apache-mod_jk-1.2.37-6.2.mga4