Apache Tomcat Connectors Vulnerability Allows Unauthorized Access
CVE-2014-8111

Currently unrated

Key Information:

Vendor: Apache
Status: Tomcat Connectors
Vendor: CVE Published:; 21 April 2015

What is CVE-2014-8111?

The Apache Tomcat Connectors (mod_jk) prior to version 1.2.41 exhibit a flaw where JkUnmount rules are ignored for subtrees under previously defined JkMount rules. This oversight allows remote attackers to gain access to restricted artifacts, undermining the intended security configurations and potentially exposing sensitive data. It is crucial for users to update to the latest version to mitigate this security risk.

References

http://rhn.redhat.com/errata/RHSA-2015-1641.html

vendor-advisoryx_refsource_REDHAT

http://rhn.redhat.com/errata/RHSA-2015-0849.html

vendor-advisoryx_refsource_REDHAT

http://www.debian.org/security/2015/dsa-3278

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2015
Vulnerability Reserved
Oct 10, 2014