VYPR

rpm package

opensuse/apache2-mod_jk&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/apache2-mod_jk&distro=openSUSE%20Tumbleweed

Vulnerabilities (5)

  • CVE-2018-11759Oct 31, 2018
    affected < 1.2.48-2.9fixed 1.2.48-2.9

    The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed

  • CVE-2018-1323HigMar 12, 2018
    affected < 1.2.48-2.9fixed 1.2.48-2.9

    The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then i

  • CVE-2014-8111Apr 21, 2015
    affected < 1.2.41-1.5fixed 1.2.41-1.5

    Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

  • CVE-2008-5519Apr 9, 2009
    affected < 1.2.41-1.5fixed 1.2.41-1.5

    The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length

  • CVE-2007-0774Mar 4, 2007
    affected < 1.2.48-2.9fixed 1.2.48-2.9

    Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that t