rpm package
almalinux/mod_jk
pkg:rpm/almalinux/mod_jk
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-46544 | — | < 1.2.50-1.el9_4.1 | 1.2.50-1.el9_4.1 | Sep 23, 2024 | Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9- | ||
| CVE-2023-6710 | — | < 1.2.49-1.el9_4 | 1.2.49-1.el9_4 | Dec 12, 2023 | A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds | ||
| CVE-2023-41081 | — | < 1.2.49-1.el9_4 | 1.2.49-1.el9_4 | Sep 13, 2023 | Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requ |
- CVE-2024-46544Sep 23, 2024affected < 1.2.50-1.el9_4.1fixed 1.2.50-1.el9_4.1
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-
- CVE-2023-6710Dec 12, 2023affected < 1.2.49-1.el9_4fixed 1.2.49-1.el9_4
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds
- CVE-2023-41081Sep 13, 2023affected < 1.2.49-1.el9_4fixed 1.2.49-1.el9_4
Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requ