Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libapache-mod-jk-doc": "1:1.2.40+svn150520-1", "libapache2-mod-jk": "1:1.2.40+svn150520-1", "libapache2-mod-jk-dbgsym": "1:1.2.40+svn150520-1" } ] }