VDB
GCVE-110-MAGEIA-2024-130
GCVE-110-MAGEIA-2024-130
Advisory Published
The mod_jk component of Apache Tomcat Connectors in some circumstances,
such as when a configuration included "JkOptions +ForwardDirectories"
but the configuration did not provide explicit mounts for all possible
proxied requests, mod_jk would use an implicit mapping and map the
request to the first defined worker. Such an implicit mapping could
result in the unintended exposure of the status worker and/or bypass
security constraints configured in httpd. As of JK 1.2.49, the implicit
mapping functionality has been removed and all mappings must now be via
explicit configuration. (CVE-2023-41081)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | apache-mod_jk | 1.2.49-1.mga9 (unaffected), 0 (affected), 1.2.49-1.mga9 (unaffected), 0 (affected) | — |
| Mageia | i2pd | 0 (affected), 2.47.0-2.1.mga9 (unaffected) | — |
| Mageia | lxcfs | 0 (affected), 5.0.3-1.1.mga9 (unaffected) | — |
Aliases
References
Browse GCVE Records
72,096 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.