Description
The Apache Web Server (httpd) with Apache Tomcat JK (mod_jk) Connector versions 1.2.0 to 1.2.44 contains a flaw in path normalization, allowing specially crafted requests to expose unintended application functionality or bypass access controls configured in httpd. Attackers can exploit this vulnerability to access sensitive data or perform unauthorized actions.
Recommendation
Upgrade Apache and mod_jk to the latest stable versions to patch the vulnerability.
References
Related Issues
- Apache mod_proxy 2.4.48 SSRF - CVE-2021-40438
- Apache Struts OGNL expression RCE S2-057 - CVE-2018-11776
- Apache Tomcat JSP Upload RCE - CVE-2017-12615, CVE-2017-12617
- Apache Tomcat Manager Login Found - Vulnerability
- Tags:
- Apache
- Tomcat
- Access Control
Anything's wrong? Let us know Last updated on May 13, 2024