Apache Tomcat Connectors vulnerabilities

CVE-2024-46544 [MEDIUM] CWE-276 CVE-2024-46544: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view a Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neit

CVE-2023-41081 [HIGH] CVE-2023-41081: Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined wor

CVE-2014-8111 [MEDIUM] CWE-200 CVE-2014-8111: Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkM Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.