Path traversal in Apache Tomcat JK Connector
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-11759 |
| CWE-ID | CWE-22 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Apache Tomcat JK ISAPI Connector Client/Desktop applications / Plugins for browsers, ActiveX components |
| Vendor | Apache Foundation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Path traversal
EUVDB-ID: #VU15703
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-11759
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform path traversal attacks.
The vulnerability exists due to input validation error when matching requested path against URI-worker map in Apache Tomcat JK (mod_jk) Connector within the Apache Web Server (httpd) specific code. A remote attacker can send a specially crafted HTTP request to the affected system and expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApache Tomcat JK ISAPI Connector: 1.2.0 - 1.2.44
External linkshttp://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E
http://tomcat.apache.org/security-jk.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
