Apache Software Foundation Apache Tomcat Connectors vulnerabilities
4 known vulnerabilities affecting apache_software_foundation/apache_tomcat_connectors.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2024-46544 | MEDIUM | CVSS 5.9 | CWE-276 | ≥ 1.2.9-beta, ≤ 1.2.49 | 2024-09-23
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service.
This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neit
Sources: cvelistv5, nvd
CVE-2023-41081 | HIGH | CVSS 7.5 | ≥ 1.2.0, ≤ 1.2.48 | 2023-09-13
Important: Authentication Bypass CVE-2023-41081
The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined wor
Sources: cvelistv5, nvd
CVE-2018-11759 | HIGH | CVSS 7.5 | PoC | CWE-22 | Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 | 2018-10-31
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to exp
Sources: cvelistv5, nvd
CVE-2018-1323 | HIGH | CVSS 7.5 | CWE-22 | Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 | 2018-03-12
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application func
Sources: cvelistv5, nvd