Vulnerabilities/

Apache mod_jk Access Control Bypass

Severity:: High

Description

The Apache Web Server (httpd) with Apache Tomcat JK (mod_jk) Connector versions 1.2.0 to 1.2.44 contains a flaw in path normalization, allowing specially crafted requests to expose unintended application functionality or bypass access controls configured in httpd. Attackers can exploit this vulnerability to access sensitive data or perform unauthorized actions.

Recommendation

Upgrade Apache and mod_jk to the latest stable versions to patch the vulnerability.

References

Apache HTTP Server
Apache Tomcat
CVE-2018-11759
CAPEC-310
OWASP 2021-A6

Related Issues

Apache mod_proxy 2.4.48 SSRF - CVE-2021-40438
Apache Struts OGNL expression RCE S2-057 - CVE-2018-11776
Apache Tomcat JSP Upload RCE - CVE-2017-12615, CVE-2017-12617
Apache Tomcat Manager Login Found - Vulnerability

Tags:: Apache; Tomcat; Access Control

Anything's wrong? Let us know Last updated on May 13, 2024