Debian Security Advisory
DSA-3278-1 libapache-mod-jk -- security update
- Date Reported:
- 03 Jun 2015
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 783233.
In Mitre's CVE dictionary: CVE-2014-8111.
- More information:
An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.
For the oldstable distribution (wheezy), this problem has been fixed in version 1:1.2.37-1+deb7u1.
For the stable distribution (jessie), this problem has been fixed in version 1:1.2.37-4+deb8u1.
For the testing distribution (stretch), this problem has been fixed in version 1:1.2.40+svn150520-1.
For the unstable distribution (sid), this problem has been fixed in version 1:1.2.40+svn150520-1.
We recommend that you upgrade your libapache-mod-jk packages.