Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

Debian: DSA-4357-1 Moderate: Libapache-Mod-Jk Access Control Bypass

debian
Calendar Grey December 20, 2018
Debian Logo
Uncover the specifics surrounding DSA-4357-1, a security advisory concerning the libapache-mod-jk that tackles a severe access control vulnerability.
Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine

Summary

https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.42_and_1.2.43
https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.43_and_1.2.44
https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.44_and_1.2.45
https://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Changes_between_1.2.45_and_1.2.46

For the stable distribution (stretch), this problem has been fixed in
version 1:1.2.46-0+deb9u1.

We recommend that you upgrade your libapache-mod-jk packages.

For the detailed security status of libapache-mod-jk please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libapache-mod-jk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Package: libapache-mod-jk
CVE ID: CVE-2018-11759

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.