Buffer Overflow

Apache Tomcat JK ISAPI Connector is vulnerable to buffer overflow attacks. A remote user can send a specifically crafted URI to the target virtual host to trigger a buffer overflow in the JK ISAPI connector and potentially execute arbitrary code on the target system which may leads the applicatio...

CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

CVE-2018-1323

The issue (CVE-2018-1323) affects Apache Tomcat JK Connector (mod_jk) IIS/ISAPI integration: the ISAPI Connector 1.2.0–1.2.42 path normalization in jk_isapi_plugin.c could allow a specially crafted request to access application functionality via the reverse proxy that was not intended for clients...

CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

Apache Tomcat JK ISAPI Connector Buffer Overflow Vulnerability

Apache Tomcat JK ISAPI Connector is a module for Apache or IIS to connect to the backend Tomcat , which supports clustering and load balancing and so on. A buffer overflow vulnerability exists in Apache Tomcat JK ISAPI Connector, which allows remote attackers to send specially crafted URIs to the...