Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8111
Reference (s):
- BID:74265
- URL: http://www.securityfocus.com/bid/74265
- DEBIAN:DSA-3278
- URL: http://www.debian.org/security/2015/dsa-3278
- MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [26/30] – in /tomcat/site/trunk: ./ docs/ xdocs/