Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:1.2.40+svn150520-1", "binary_name": "libapache-mod-jk-doc" }, { "binary_version": "1:1.2.40+svn150520-1", "binary_name": "libapache2-mod-jk" }, { "binary_version": "1:1.2.40+svn150520-1", "binary_name": "libapache2-mod-jk-dbgsym" } ] }