Information disclosure in Apache Tomcat JK ISAPI Connector



Published: 2018-03-12
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-1323
CWE-ID CWE-200
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe 		Apache Tomcat JK ISAPI Connector
Client/Desktop applications / Plugins for browsers, ActiveX components

Vendor Apache Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU10932

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1323

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to incorrect handling of some edge cases by the IIS/ISAPI specific code that normalised the requested path before matching it to the URI-worker map. A remote attacker can send a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy.

Mitigation

Update to version 1.2.43.

Vulnerable software versions

Apache Tomcat JK ISAPI Connector: 1.2.0 - 1.2.42

External links

http://tomcat.apache.org/security-jk.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###