Debian Linux Security Advisory 3278-1 - An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.
3d81f2f4af8c6a4430f3715b60d3f660036aa2342713122f5488dcb8cbd9a2bd