rpm package
suse/apache2-mod_jk&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/apache2-mod_jk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-3185 | — | | | < 1.2.40-2.6.1 | 1.2.40-2.6.1 | Jul 20, 2015 | The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended |
| CVE-2015-3183 | — | | | < 1.2.40-2.6.1 | 1.2.40-2.6.1 | Jul 20, 2015 | The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid c |
| CVE-2015-4000 | Low | 3.7 | | < 1.2.40-2.6.1 | 1.2.40-2.6.1 | May 21, 2015 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D |
| CVE-2014-8111 | — | | | < 1.2.40-2.6.1 | 1.2.40-2.6.1 | Apr 21, 2015 | Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors. |