mod_jk could allow unintended access to network services.
Software Description:
- libapache-mod-jk: Apache 2 connector for the Tomcat Java servlet engine
Details:
Karl von Randow discovered that mod_jk was vulnerable to an authentication
bypass. If the configuration did not provide explicit mounts for all
possible proxied requests, an attacker could possibly use this
vulnerability to bypass security constraints configured in httpd.
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10 libapache2-mod-jk 1:1.2.48-2ubuntu0.1 Ubuntu 22.04 LTS libapache2-mod-jk 1:1.2.48-1ubuntu0.1 Ubuntu 20.04 LTS libapache2-mod-jk 1:1.2.46-1ubuntu0.1 Ubuntu 18.04 LTS libapache2-mod-jk 1:1.2.43-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libapache2-mod-jk 1:1.2.41-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6826-1
CVE-2023-41081
Get the latest Linux and open source security news straight to your inbox.