NA

CVE-2018-11759

Published: 31/10/2018 Updated: 19/02/2019

Vulnerability Summary

Apache Tomcat JK Connector CVE-2018-11759 Directory Traversal Vulnerability

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

A vulnerability in the Apache Tomcat JK Connector (mod_jk) could allow an unauthenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability exists because the Apache Web Server (httpd) code that normalizes a request path before matching it to the URI-worker map improperly handles certain edge cases. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could allow the attacker to read application functionality through a reverse proxy. In addition, an exploit could allow the attacker to bypass access control restrictions that are configured in httpd. Apache has confirmed the vulnerability and released software updates.

Vulnerability Trend

Vendor Advisories

Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine The vulnerability is addressed by upgrading mod_jk to the new upstream version 1246, which includes additional changes tomcatapacheorg/connectors-doc/miscellaneous/changeloghtml#Change ...
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 120 to 1244 did not handle some edge cases correctly If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update Type/Severity Security Advisory: Important Topic An update is now available for JBoss Core Services on RHEL 6 and RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2429 SP1 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2429 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4357-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso December 20, 2018 wwwdebianorg/security/faq ...

Github Repositories

CVE-2018-11759 Proof of concept Description The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 120 to 1244 did not handle some edge cases correctly If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially construc

Other language git - pt-BR Check if your instances are expose the CVE 2018-11759 The archive main are a script in bash for exploiting The urls shall use the protocol and complete addres, example: testsitecombr For more urls in one consult, can be used the here-document, example: # Call the bash, no request permission for exec bash main << EOF http

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

References