VYPR

rpm package

suse/apache2-mod_jk&distro=SUSE Linux Enterprise Server 12

pkg:rpm/suse/apache2-mod_jk&distro=SUSE%20Linux%20Enterprise%20Server%2012

Vulnerabilities (4)

  • CVE-2015-3185Jul 20, 2015
    affected < 1.2.40-2.6.1fixed 1.2.40-2.6.1

    The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended

  • CVE-2015-3183Jul 20, 2015
    affected < 1.2.40-2.6.1fixed 1.2.40-2.6.1

    The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid c

  • CVE-2015-4000LowMay 21, 2015
    affected < 1.2.40-2.6.1fixed 1.2.40-2.6.1

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D

  • CVE-2014-8111Apr 21, 2015
    affected < 1.2.40-2.6.1fixed 1.2.40-2.6.1

    Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.