
Ubuntu: USN-6826-1 Moderate: mod_jk Authentication Bypass

June 11, 2024
A critical vulnerability in mod_jk could lead to unauthorized access due to authentication flaws. Users must upgrade and review configurations to secure systems.

Summary

mod_jk could allow unintended access to network services.

Software Description:

- libapache-mod-jk: Apache 2 connector for the Tomcat Java servlet engine

Details:

Karl von Randow discovered that mod_jk was vulnerable to an authentication
bypass. If the configuration did not provide explicit mounts for all
possible proxied requests, an attacker could possibly use this
vulnerability to bypass security constraints configured in httpd.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
   libapache2-mod-jk               1:1.2.48-2ubuntu0.1

Ubuntu 22.04 LTS
   libapache2-mod-jk               1:1.2.48-1ubuntu0.1

Ubuntu 20.04 LTS
   libapache2-mod-jk               1:1.2.46-1ubuntu0.1

Ubuntu 18.04 LTS
   libapache2-mod-jk               1:1.2.43-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libapache2-mod-jk               1:1.2.41-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
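
To confirm the update reached every host, the fixed versions listed above can be checked against a package inventory. The following is an added example, not part of the Ubuntu notice: it implements Debian version ordering (epoch, numeric runs, and the `~` in the `~esm1` builds) and flags hosts below the fixed version. The inventory lines are constructed, and the function names are this example's own.

```python
import re
# Fixed libapache2-mod-jk versions per Ubuntu release, copied from this notice.
FIXED = {
    "23.10": "1:1.2.48-2ubuntu0.1",
    "22.04": "1:1.2.48-1ubuntu0.1",
    "20.04": "1:1.2.46-1ubuntu0.1",
    "18.04": "1:1.2.43-1ubuntu0.1~esm1",
    "16.04": "1:1.2.41-1ubuntu0.1~esm1",
}
# Constructed sample inventory (not real hosts): "host release installed-version".
INVENTORY = ["web01 22.04 1:1.2.48-1", "web02 22.04 1:1.2.48-1ubuntu0.1",
             "web03 18.04 1:1.2.43-1", "web04 18.04 1:1.2.43-1ubuntu0.1~esm1",
             "web05 24.04 1:1.2.49-1"]

def _order(c):  # Debian ordering: '~' < end of string (0) < letters < other chars
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):  # compare one component (upstream or revision) as dpkg does
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        pa, pb = [_order(c) for c in na] + [0], [_order(c) for c in nb] + [0]
        if pa != pb:  # non-digit runs differ; the trailing 0 stands for end of run
            return -1 if pa < pb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):  # digit runs compare numerically
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):  # "[epoch:]upstream[-revision]" -> (epoch, upstream, revision)
    epoch, sep, rest = v.partition(":")
    epoch, rest = (epoch, rest) if sep else ("0", v)
    upstream, dash, rev = rest.rpartition("-")
    return int(epoch), (upstream if dash else rest), (rev if dash else "")

def deb_compare(a, b):  # -1, 0 or 1: a older than, equal to, or newer than b
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(lines):  # host -> "patched" | "needs update" | "release not in notice"
    out = {}
    for host, release, installed in (line.split() for line in lines):
        fixed = FIXED.get(release)
        out[host] = ("release not in notice" if fixed is None else
                     "patched" if deb_compare(installed, fixed) >= 0 else "needs update")
    return out
```

Calling `audit(INVENTORY)` returns the status per host; on a single Ubuntu machine, `dpkg --compare-versions` performs the same comparison.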

References

  https://ubuntu.com/security/notices/USN-6826-1

  CVE-2023-41081

Severity
important
