Apache mod_jk Access Control Bypass

Impact: High


The Apache Web Server (httpd) with Apache Tomcat JK (mod_jk) Connector versions 1.2.0 to 1.2.44 contains a flaw in path normalization, allowing specially crafted requests to expose unintended application functionality or bypass access controls configured in httpd. Attackers can exploit this vulnerability to access sensitive data or perform unauthorized actions.


Upgrade Apache and mod_jk to the latest stable versions to patch the vulnerability.


Last updated on May 13, 2024

This issue is available in SmartScanner Professional

See Pricing