CVE-2014-8111 — Sensitive Information Exposure in Apache Tomcat Connectors

CWE-200 — Sensitive Information Exposure7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

3.7%

top 11.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat Connectors

Timeline

PublishedApr 21

Latest updateMay 14

Description

Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat_connectors1.2.40

🔴Vulnerability Details

GHSA

GHSA-f49p-9mwv-783f: Apache Tomcat Connectors (mod_jk) before 1↗2022-05-14

▶

OSV

CVE-2014-8111: Apache Tomcat Connectors (mod_jk) before 1↗2015-04-21

▶

CVEList

CVE-2014-8111: Apache Tomcat Connectors (mod_jk) before 1↗2015-04-21

▶

📋Vendor Advisories

Red Hat

mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing↗2015-04-14

▶

Debian

CVE-2014-8111: libapache-mod-jk - Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subt...↗2014

▶

💬Community

Bugzilla

CVE-2014-8111 Tomcat mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing↗2015-01-15

▶