Описание
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.
Отчет
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Application Platform 4 and 5, and Red Hat JBoss Web Server 1. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/. This issue did not affect Red Hat JBoss Web Server 3.x. This issue does affect Red Hat JBoss Web Server 2.x; a future update may address this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 4 | mod_jk | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 5 | mod_jk | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | mod_jk | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 6.4 | Fixed | RHSA-2015:0849 | 16.04.2015 | |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-cli-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-codec-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-configuration-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-daemon-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-io-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-lang-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rule ...
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
EPSS
5 Medium
CVSS2