Apache Tomcat JK Connector CVE-2018-11759 Directory Traversal Vulnerability
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
A vulnerability in the Apache Tomcat JK Connector (mod_jk) could allow an unauthenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability exists because the Apache Web Server (httpd) code that normalizes a request path before matching it to the URI-worker map improperly handles certain edge cases. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could allow the attacker to read application functionality through a reverse proxy. In addition, an exploit could allow the attacker to bypass access control restrictions that are configured in httpd. Apache has confirmed the vulnerability and released software updates.
CVE-2018-11759 Proof of concept Description The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 120 to 1244 did not handle some edge cases correctly If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially construc
Other language git - pt-BR Check if your instances are expose the CVE 2018-11759 The archive main are a script in bash for exploiting The urls shall use the protocol and complete addres, example: testsitecombr For more urls in one consult, can be used the here-document, example: # Call the bash, no request permission for exec bash main << EOF http
Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :