Apache mod_jk Access Control Bypass
Impact: High
Description
The Apache HTTP Server (httpd) with the Apache Tomcat JK (mod_jk) Connector, versions 1.2.0 through 1.2.44, contains a flaw in the path normalization mod_jk applies before matching a request to its URI-to-worker map. Because the path mod_jk acts on can differ from the path httpd used when evaluating its own access rules, a specially crafted request can reach application functionality that was not meant to be exposed through the reverse proxy, or bypass access controls configured in httpd. An attacker can use this to reach sensitive data or perform unauthorized actions.
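The following is an added illustration of the general class of flaw described above (a front-end access check and a back-end path resolver that normalize differently); it is not code from the advisory, from httpd or from mod_jk, and it makes no claim about how mod_jk's normalization actually works. The deny rule for `/admin` and the sample request paths are constructed for the example.

```python
"""Added example: why an access-control check must run on the canonical path.

A front end (the hypothetical `naive_decision`) evaluates a deny rule on the raw
request path, while the component that serves the request first normalizes the
path. Any disagreement between the two is an access-control bypass. The hardened
check normalizes first and, in strict mode, refuses non-canonical paths outright.
"""

# Hypothetical access-control rule: nothing under /admin may be reached.
DENIED_PREFIXES = ("/admin",)

# Constructed sample request paths (not observed traffic).
SAMPLE_PATHS = [
    "/public/index.html",
    "/admin/config",
    "/public/../admin/config",
    "/public//../admin/config",
    "/./admin/config",
    "/administrator/help",
]


def normalize(path: str) -> str:
    """Canonicalize a URL path: drop empty and '.' segments, resolve '..'."""
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def _denied(canonical: str) -> bool:
    """Segment-aware prefix match so '/admin' does not also match '/administrator'."""
    return any(canonical == p or canonical.startswith(p + "/") for p in DENIED_PREFIXES)


def naive_decision(raw: str) -> bool:
    """Vulnerable pattern: the rule is applied to the raw path as received."""
    return not any(raw == p or raw.startswith(p + "/") for p in DENIED_PREFIXES)


def hardened_decision(raw: str, strict: bool = True) -> bool:
    """Fixed pattern: apply the rule to the path the back end will actually act on.

    With strict=True, any request whose raw path is not already canonical is
    refused, so front end and back end can never disagree about what was asked for.
    """
    canonical = normalize(raw)
    if strict and canonical != raw:
        return False
    return not _denied(canonical)


def audit(paths):
    """List (raw, canonical) pairs the naive check admits but that resolve to a denied location."""
    return [(raw, normalize(raw)) for raw in paths
            if naive_decision(raw) and _denied(normalize(raw))]


if __name__ == "__main__":
    for raw, canonical in audit(SAMPLE_PATHS):
        print(f"naive check admits {raw!r}, which resolves to {canonical!r}")
```

Running the module lists the three constructed paths that the naive check lets through even though they resolve under `/admin`; `hardened_decision` rejects all of them, and in strict mode it also rejects harmless-looking but non-canonical paths, which is the simplest way to remove the whole class of disagreement between a proxy and its back end.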
Recommendation
Upgrade mod_jk to a fixed release later than 1.2.44, together with a current stable httpd, and confirm the installed mod_jk version afterwards: the httpd version alone does not indicate whether the connector is patched.
References
Last updated on May 13, 2024