Main Vulnerability Database Exploits ID:2361 - Exploit for Path traversal in Apache Tomcat JK ISAPI Connector - CVE-2018-11759

ID:2361 - Exploit for Path traversal in Apache Tomcat JK ISAPI Connector - CVE-2018-11759

Published: April 7, 2020

Vulnerability identifier: #VU15703

Vulnerability risk: Medium

CVE-ID: CVE-2018-11759

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Apache Tomcat JK ISAPI Connector

Link to public exploit:

https://github.com/immunIT/CVE-2018-11759

Vulnerability description

The vulnerability allows a remote attacker to perform path traversal attacks.

The vulnerability exists due to input validation error when matching requested path against URI-worker map in Apache Tomcat JK (mod_jk) Connector within the Apache Web Server (httpd) specific code. A remote attacker can send a specially crafted HTTP request to the affected system and expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy.

Remediation

Install updates from vendor's website.

ID:2361 - Exploit for Path traversal in Apache Tomcat JK ISAPI Connector - CVE-2018-11759

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human