Description
The Apache Web Server (httpd) with Apache Tomcat JK (mod_jk) Connector versions 1.2.0 to 1.2.44 contains a flaw in path normalization, allowing specially crafted requests to expose unintended application functionality or bypass access controls configured in httpd. Attackers can exploit this vulnerability to access sensitive data or perform unauthorized actions.
Recommendation
Upgrade Apache and mod_jk to the latest stable versions to patch the vulnerability.
Related Issues
- Etherpad Lite Access Restriction Bypass - CVE-2018-6835
- Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access - CVE-2018-25058
- Apache mod_proxy 2.4.48 SSRF - CVE-2021-40438
- Budibase Improper Access Control vulnerability - CVE-2022-3225
Tags
- Apache
- Tomcat
- Access Control
Last updated on May 13, 2024