|Number of vulnerabilities||1|
|CVE ID||CVE-2018-1323|
|Vulnerable software||Apache Tomcat JK ISAPI Connector|
|Vulnerable software versions||Apache Tomcat JK ISAPI Connector 1.2.42, 1.2.41, 1.2.40|
|Vendor URL||Apache Foundation|
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists because the IIS/ISAPI-specific code that normalised the requested path before matching it to the URI-worker map handled some edge cases incorrectly. A remote attacker can send a specially constructed request to reach, through the reverse proxy, application functionality that was not intended to be exposed to clients accessing the application via the reverse proxy.
Update to version 1.2.43.
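For log review on hosts that ran an affected version, the following added example (not code from this advisory or from the Apache project) flags requests whose URI-worker map decision changes once the path is canonicalised. The rules, the request lines and the `canonical`, `route` and `audit` helpers are constructed assumptions, and because the advisory does not name the edge cases, the sketch covers only generic percent-encoding, backslashes and dot segments.

```python
import fnmatch
import posixpath
from urllib.parse import unquote

# Constructed uriworkermap-style rules (assumption): forward /app/public/*,
# and exclude /app/admin/* from forwarding with a "!" rule.
RULES = ["/app/public/*=worker1", "!/app/admin/*=worker1"]

def canonical(path, max_rounds=3):
    """Decode, unify separators and resolve dot segments until stable."""
    for _ in range(max_rounds):
        decoded = unquote(path).replace("\\", "/")
        if decoded == path:
            break
        path = decoded
    keep_slash = path.endswith("/")
    norm = posixpath.normpath("/" + path.lstrip("/"))
    return norm + "/" if keep_slash and norm != "/" else norm

def route(path, rules=RULES):
    """Return the worker a path maps to, or None; exclusion rules win.
    fnmatch wildcards are a simplification of the real map syntax."""
    worker = None
    for rule in rules:
        pattern, name = rule.rsplit("=", 1)
        if pattern.startswith("!"):
            if fnmatch.fnmatchcase(path, pattern[1:]):
                return None
        elif fnmatch.fnmatchcase(path, pattern):
            worker = name
    return worker

def audit(log_lines, rules=RULES):
    """Flag requests routed differently before and after canonicalisation."""
    findings = []
    for line in log_lines:
        raw_path = line.split()[1].split("?", 1)[0]
        before = route(raw_path, rules)
        after = route(canonical(raw_path), rules)
        if before != after:
            findings.append((raw_path, before, after))
    return findings

# Constructed sample request lines (method, URI), not taken from a real log.
SAMPLE = [
    "GET /app/public/index.html",
    "GET /app/public/../admin/console",
    "GET /app/public/%2e%2e/admin/console",
    "GET /app/public/img/../logo.png",
]
```

A finding means the raw path and its canonical form disagree about which worker, if any, should receive the request; such entries are the ones worth comparing against what the backend actually served.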