rpm package
opensuse/apache2-mod_jk&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/apache2-mod_jk&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-11759 | — | < 1.2.48-2.9 | 1.2.48-2.9 | Oct 31, 2018 | The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed | ||
| CVE-2018-1323 | Hig | 7.5 | < 1.2.48-2.9 | 1.2.48-2.9 | Mar 12, 2018 | The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then i | |
| CVE-2014-8111 | — | < 1.2.41-1.5 | 1.2.41-1.5 | Apr 21, 2015 | Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors. | ||
| CVE-2008-5519 | — | < 1.2.41-1.5 | 1.2.41-1.5 | Apr 9, 2009 | The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length | ||
| CVE-2007-0774 | — | < 1.2.48-2.9 | 1.2.48-2.9 | Mar 4, 2007 | Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that t |
- CVE-2018-11759Oct 31, 2018affected < 1.2.48-2.9fixed 1.2.48-2.9
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed
- affected < 1.2.48-2.9fixed 1.2.48-2.9
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then i
- CVE-2014-8111Apr 21, 2015affected < 1.2.41-1.5fixed 1.2.41-1.5
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
- CVE-2008-5519Apr 9, 2009affected < 1.2.41-1.5fixed 1.2.41-1.5
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length
- CVE-2007-0774Mar 4, 2007affected < 1.2.48-2.9fixed 1.2.48-2.9
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that t