VDB

GCVE-110-MAGEIA-2024-130

GCVE-110-MAGEIA-2024-130
Advisory Published
Vulnetix · Advisory published April 13, 2024
The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. (CVE-2023-41081)

Affected Products

VendorProductVersionsPlatforms
Mageiaapache-mod_jk1.2.49-1.mga9 (unaffected), 0 (affected), 1.2.49-1.mga9 (unaffected), 0 (affected)
Mageiai2pd0 (affected), 2.47.0-2.1.mga9 (unaffected)
Mageialxcfs0 (affected), 5.0.3-1.1.mga9 (unaffected)

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›