{"id":"UBUNTU-CVE-2014-8111","details":"Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.","modified":"2025-07-16T07:48:09.946773Z","published":"2015-04-21T17:59:00Z","withdrawn":"2025-07-18T16:43:05Z","upstream":["CVE-2014-8111"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-8111"},{"type":"REPORT","url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html"},{"type":"REPORT","url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html"},{"type":"REPORT","url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html"},{"type":"REPORT","url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2014-8111"}],"affected":[{"package":{"name":"libapache-mod-jk","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/libapache-mod-jk@1:1.2.40+svn150520-1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.2.40+svn150520-1"}]}],"ecosystem_specific":{"binaries":[{"binary_name":"libapache-mod-jk-doc","binary_version":"1:1.2.40+svn150520-1"},{"binary_name":"libapache2-mod-jk","binary_version":"1:1.2.40+svn150520-1"},{"binary_name":"libapache2-mod-jk-dbgsym","binary_version":"1:1.2.40+svn150520-1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-8111.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}