Apache Tomcat Jk Connector vulnerabilities
3 known vulnerabilities affecting apache/tomcat_jk_connector.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2018-11759HIGHCVSS 7.5PoC≥ 1.2.0, ≤ 1.2.442018-10-31
CVE-2018-11759 [HIGH] CWE-22 CVE-2018-11759: The Apache Web Server (httpd) specific code that normalised the requested path before matching it to
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to exp
nvd
CVE-2018-1323HIGHCVSS 7.5≥ 1.2.0, ≤ 1.2.422018-03-12
CVE-2018-1323 [HIGH] CWE-22 CVE-2018-1323: The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application func
nvd
CVE-2016-6808CRITICALCVSS 9.8fixed in 1.2.422017-04-12
CVE-2016-6808 [CRITICAL] CWE-119 CVE-2016-6808: Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
nvd