English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.805612
Category:Web Servers
Title:Apache Tomcat JK Connector (mod_jk) < 1.2.41 Authentication Bypass Vulnerability
Summary:Apache Tomcat JK Connector (mod_jk) is prone to an; authentication bypass vulnerability.
Description:Summary:
Apache Tomcat JK Connector (mod_jk) is prone to an
authentication bypass vulnerability.

Vulnerability Insight:
The flaw is triggered due to the incorrect handling of the
JkMount and JkUnmount directives, which can lead to the exposure of a private artifact in a tree.

Vulnerability Impact:
Successful exploitation will allow remote attacker to gain access
to potentially sensitive information.

Affected Software/OS:
Apache Tomcat JK Connector (mod_jk) before 1.2.41.

Solution:
Update to version 1.2.41 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-8111
BugTraq ID: 74265
http://www.securityfocus.com/bid/74265
Debian Security Information: DSA-3278 (Google Search)
http://www.debian.org/security/2015/dsa-3278
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2015:0846
http://rhn.redhat.com/errata/RHSA-2015-0846.html
RedHat Security Advisories: RHSA-2015:0847
http://rhn.redhat.com/errata/RHSA-2015-0847.html
RedHat Security Advisories: RHSA-2015:0848
http://rhn.redhat.com/errata/RHSA-2015-0848.html
RedHat Security Advisories: RHSA-2015:0849
http://rhn.redhat.com/errata/RHSA-2015-0849.html
RedHat Security Advisories: RHSA-2015:1641
http://rhn.redhat.com/errata/RHSA-2015-1641.html
RedHat Security Advisories: RHSA-2015:1642
http://rhn.redhat.com/errata/RHSA-2015-1642.html
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.