Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mod_jk vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-41081
Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied r...
Apache Tomcat Connectors
7.5
CVSSv3
CVE-2018-11759
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed ...
Apache Tomcat Jk Connector
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Jboss Core Services -
8 Github repositories
NA
CVE-2008-5515
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, 6.0.0 up to and including 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote maliciou...
Apache Tomcat 5.5.27
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 4.1.39
Apache Tomcat 5.5.20
NA
CVE-2009-0033
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote malicious users to cause a denial of service (application outage) via a crafted re...
Apache Tomcat 5.5.27
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 4.1.9
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
4.2
CVSSv3
CVE-2009-0783
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, o...
Apache Tomcat
NA
CVE-2009-0580
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18, when FORM authentication is used, allows remote malicious users to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of pa...
Apache Tomcat 5.5.27
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 4.1.9
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
1 EDB exploit
NA
CVE-2008-5519
The JK Connector (aka mod_jk) 1.2.0 up to and including 1.2.26 in Apache Tomcat allows remote malicious users to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included...
Apache Mod Jk 1.2.11
Apache Mod Jk 1.2.25
Apache Mod Jk 1.2.9
Apache Mod Jk 1.2.19
Apache Mod Jk 1.2.23
Apache Mod Jk 1.2.16
Apache Mod Jk 1.2.6
Apache Mod Jk 1.2.17
Apache Mod Jk 1.2.24
Apache Mod Jk 1.2.22
Apache Mod Jk 1.2
Apache Mod Jk 1.2.13
Apache Mod Jk 1.2.8
Apache Mod Jk 1.2.10
Apache Mod Jk 1.2.7
Apache Mod Jk 1.2.20
Apache Mod Jk 1.2.21
Apache Mod Jk 1.2.1
Apache Mod Jk 1.2.15
Apache Mod Jk 1.2.12
Apache Mod Jk 1.2.14.1
Apache Mod Jk 1.2.14
NA
CVE-2009-0781
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18 allows remote malicious users to inje...
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 4.1.9
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 4.1.4
NA
CVE-2007-1860
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x prior to 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote malicious users to access protected pages via a crafted prefix JkMount, possibly involving double-encoded...
Apache Tomcat Jk Web Server Connector
4 Github repositories
NA
CVE-2006-7197
The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote malicious users to read portions of sensitive memory.
Apache Tomcat 5.5.15
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »