Bugzilla – Bug 1215301
VUL-0: CVE-2023-41081: apache2-mod_jk: information disclosure
Last modified: 2024-06-02 09:50:43 UTC
CVE-2023-41081 Posted by Mark Thomas on Sep 13CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat Connectors mod_jk Connector 1.2.0 to 1.2.48 Description: In some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit... References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41081 https://seclists.org/oss-sec/2023/q3/176
Submitted change request 312326, which addresses this issue with an update to version 1.2.49.
SUSE-SU-2024:1198-1: An update that solves one vulnerability and has two security fixes can now be installed. Category: security (moderate) Bug References: 1167896, 1206261, 1215301 CVE References: CVE-2023-41081 Maintenance Incident: [SUSE:Maintenance:33158](https://smelt.suse.de/incident/33158/) Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): apache2-mod_jk-1.2.49-7.9.1 SUSE Linux Enterprise Server 12 SP5 (src): apache2-mod_jk-1.2.49-7.9.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): apache2-mod_jk-1.2.49-7.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.