CVE-2018-11759

Published: 31/10/2018 Updated: 15/04/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

Affected Products

Vendor    Product                Versions
Apache    Tomcat JK Connector    1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.32, 1.2.33, 1.2.35, 1.2.36, 1.2.37, 1.2.39, 1.2.40, 1.2.41, 1.2.42, 1.2.43
Red Hat   JBoss Core Services    -
Debian    Debian Linux           8.0, 9.0

Vendor Advisories

Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine. The vulnerability is addressed by upgrading mod_jk to the new upstream version 1.2.46, which includes additional changes: tomcat.apache.org/connectors-doc/miscellaneous/changelog.html#Change ...
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for JBoss Core Services on RHEL 6 and RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has ...
IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server ...
Oracle Solaris Third Party Bulletin - January 2019. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Criti ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4357-1                   security@debian.org
www.debian.org/security/                             Salvatore Bonaccorso
December 20, 2018                                    www.debian.org/security/faq
...

Github Repositories

CVE-2018-11759 Proof of concept. Description: The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially construc

Other language: git - pt-BR. Check whether your instances are exposed to CVE-2018-11759. The main file is a bash script for exploitation. The URLs must include the protocol and the complete address, for example: testsite.com.br. To check several URLs in one run, a here-document can be used, for example: # Call bash directly, no exec permission needed: bash main << EOF http

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection of Proof of Concepts for Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :