Home > Vulnerability Database > CVE-2014-8111

Mend.io Vulnerability Database

CVE-2014-8111

Good to know:

Date: April 21, 2015

Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

Language: C

Severity Score

5.3

Related Resources (18)

Url: http://www.debian.org/security/2015/dsa-3278

Url: http://rhn.redhat.com/errata/RHSA-2015-0846.html

Url: https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2015-1641.html

Url: https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E

Url: http://www.securityfocus.com/bid/74265

Url: https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-8111

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-8111

Url: http://rhn.redhat.com/errata/RHSA-2015-0848.html

Url: https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2015-0849.html

Url: https://security-tracker.debian.org/tracker/CVE-2014-8111

Url: https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2015-0847.html

Url: https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2015-1642.html

Url: https://www.mend.io/vulnerability-database/CVE-2014-8111

Severity Score

5.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version 1.2.41

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-8111

Good to know:

Date: April 21, 2015

Language: C

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?