Apache mod_jk Access Control Bypass

Severity:: High

Description

The Apache Web Server (httpd) with Apache Tomcat JK (mod_jk) Connector versions 1.2.0 to 1.2.44 contains a flaw in path normalization, allowing specially crafted requests to expose unintended application functionality or bypass access controls configured in httpd. Attackers can exploit this vulnerability to access sensitive data or perform unauthorized actions.

Recommendation

Upgrade Apache and mod_jk to the latest stable versions to patch the vulnerability.

References

Apache HTTP Server
Apache Tomcat
CVE-2018-11759
CAPEC-310
OWASP 2021-A6

Related Issues

Apache Tomcat Manager Login Found - Vulnerability
Apache Expect Header Cross Site Scripting - CVE-2006-3918
Apache mod_proxy 2.4.48 SSRF - CVE-2021-40438
Apache server-info enabled - Vulnerability

Tags:: Apache; Tomcat; Access Control

Anything's wrong? Let us know Last updated on May 13, 2024