Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2023-41081

Published: 13/09/2023 Updated: 29/09/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Tomcat Connectors

Vulnerability Summary

Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected. This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 up to and including 1.2.48. Users are recommended to upgrade to version 1.2.49, which fixes the issue. History 2023-09-13 Original advisory 2023-09-28 Updated summary

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat connectors

Vendor Advisories

Debian CVElist Bug Report Logs: libapache-mod-jk: CVE-2023-41081
Debian Bug report logs - #1051956 libapache-mod-jk: CVE-2023-41081 Package: src:libapache-mod-jk; Maintainer for src:libapache-mod-jk is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 14 Sep 2023 19:09:02 UTC Severity: important ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update
概述 Important: Red Hat JBoss Core Services Apache HTTP Server 2457 SP2 security update 类型/严重性 Security Advisory: Important 标题 Red Hat JBoss Core Services Apache HTTP Server 2457 Service Pack 2 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update
概述 Important: Red Hat JBoss Core Services Apache HTTP Server 2457 SP2 security update 类型/严重性 Security Advisory: Important Red Hat Insights 补丁分析 识别并修复受此公告影响的系统。 查看受影响的系统 标题 An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has ...
Red Hat:
Description<!---->A vulnerability was found in Apache Tomcat Connectors (mod_jk) Affected versions of this package are vulnerable to information exposure in the mod_jk component This flaw allows an attacker to exploit the implicit mapping functionality, resulting in the unintended exposure of the status worker and bypassing security constraints c ...

References

NVD-CWE-noinfohttps://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8bhttps://lists.debian.org/debian-lts-announce/2023/09/msg00027.htmlhttps://www.openwall.com/lists/oss-security/2023/09/13/2http://www.openwall.com/lists/oss-security/2023/09/28/7https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051956https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-41081
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook