Lucene search
K

44 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2008-5494

Malware in sbrugna...

2.6CVSS4.5AI score0.07263EPSS
Exploits2References32
BDU FSTEC
BDU FSTEC
added 2024/09/30 12:0 a.m.9 views

The vulnerability of the mod_jk module of the Apache Tomcat JK Connector allows attackers to disclose sensitive information or cause service failures.

The vulnerability of the JkShmFile directive in the modjk module of the Apache Tomcat JK Connector is related to the incorrect use of standard permissions. Exploiting this vulnerability can allow an attacker to disclose information about the modjk module or cause service failures...

5.9CVSS6.2AI score0.00326EPSS
Exploits0References6Affected Software4
Apache Tomcat
Apache Tomcat
added 2024/09/23 10:43 a.m.16 views

Fixed in Apache Tomcat JK Connector 1.2.50

Moderate: Information disclosure / Denial of service CVE-2024-46544 Incorrect default permissions for the memory mapped file configured by the JkShmFile directive on Unix like systems allows local users to view and/or modify the contents of the shared memory containing modjk configuration and...

5.9CVSS7AI score0.00326EPSS
Exploits0Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/12/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then...

7.5CVSS7.2AI score0.90647EPSS
Exploits0References1
Apache Tomcat
Apache Tomcat
added 2023/09/13 9:30 a.m.26 views

Fixed in Apache Tomcat JK Connector 1.2.49

Important: Information disclosure CVE-2023-41081 In some circumstances, such as when a configuration included JkOptions +ForwardDirectories but the configuration did not provide explicit mounts for all possible proxied requests, modjk would use an implicit mapping and map the request to the first...

7.5CVSS7.4AI score0.01257EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:57 p.m.151 views

K38108582: Apache Tomcat vulnerability CVE-2018-11759

Security Advisory Description The Apache Web Server httpd specific code that normalized the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were...

7.6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.6 views

SUSE CVE-2007-0774

Stack-based buffer overflow in the mapuritoworker function native/common/jkuriworkermap.c in modjk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a...

7.5CVSS8.4AI score0.81513EPSS
Exploits8References3
Tenable Nessus
Tenable Nessus
added 2019/03/25 12:0 a.m.15 views

Apache Tomcat JK Connector 1.2.x < 1.2.41 JkUnmount Directive Handling Remote Information Disclosure

The version of Apache Tomcat JK Connector modjk installed on the remote host is version 1.2.x prior to 1.2.41. It is, therefore, affected by an information disclosure vulnerability due to improper handling of the 'JkUnmount' directive and multiple, adjacent slashes in requests. A remote attacker...

5CVSS6.6AI score0.07109EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/03/25 12:0 a.m.17 views

Apache Tomcat JK Connector 1.2.x < 1.2.46 Access Control Bypass

The version of Apache Tomcat JK Connector modjk installed on the remote host is version 1.2.x prior to 1.2.46. It is, therefore, affected by an access control bypass vulnerability due to improper handling of the Apache web server specific code that normalised the requested path before matching it...

7.5CVSS8.2AI score0.90647EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2019/02/18 4:55 p.m.4 views

mod_jk: connector path traversal due to mishandled HTTP requests in httpd

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

7.5CVSS7.3AI score0.90647EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2019/01/03 12:0 a.m.50 views

Apache Tomcat JK Connector (mod_jk) < 1.2.46 Authentication Bypass Vulnerability - Active Check

Apache Tomcat JK Connector modjk is prone to an authentication bypass vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

6.9AI score
Exploits0References2
OpenVAS
OpenVAS
added 2019/01/03 12:0 a.m.926 views

Apache Tomcat JK Connector (mod_jk) < 1.2.46 Authentication Bypass Vulnerability - Linux

Apache Tomcat JK Connector modjk is prone to an authentication bypass vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

6.9AI score
Exploits0References2
OpenVAS
OpenVAS
added 2019/01/03 12:0 a.m.61 views

Apache Tomcat JK Connector (mod_jk) < 1.2.46 Authentication Bypass Vulnerability - Windows

Apache Tomcat JK Connector modjk is prone to an authentication bypass vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

6.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2018/11/02 3:19 p.m.32 views

CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

7.5CVSS1.9AI score0.90647EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2018/10/31 8:29 p.m.31 views

CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

7.5CVSS7.2AI score0.90647EPSS
Exploits0References3
OSV
OSV
added 2018/10/31 8:29 p.m.2 views

DEBIAN-CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

7.5CVSS8.8AI score0.90647EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/10/31 8:0 p.m.40 views

CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

7.7AI score0.90647EPSS
Exploits0References13
CVE
CVE
added 2018/10/31 8:0 p.m.224 views

CVE-2018-11759

CVE-2018-11759 affects the Apache Tomcat JK Connector (mod_jk) when used with Apache httpd: connector versions 1.2.0 through 1.2.44, due to edge-case handling in httpd path normalization, could allow exposure of application functionality via the reverse proxy and may bypass httpd access controls....

7.5CVSS6.6AI score0.90647EPSS
In wildExploits0References13Affected Software1
Apache Tomcat
Apache Tomcat
added 2018/10/31 12:0 a.m.46 views

Fixed in Apache Tomcat JK Connector 1.2.46

Note: The issue below was fixed in Apache Tomcat JK Connector 1.2.45 but the release vote for the 1.2.45 release candidate did not pass. Therefore, although users must download 1.2.46 to obtain a version that includes the fix for this issue, version 1.2.45 is not included in the list of affected...

7.5CVSS6.6AI score0.90647EPSS
Exploits0Affected Software1
Apache Tomcat
Apache Tomcat
added 2018/03/12 12:0 a.m.40 views

Fixed in Apache Tomcat JK Connector 1.2.43

Important: Information disclosure CVE-2018-1323 The IIS/ISAPI specific code that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a...

7.5CVSS7.5AI score0.44244EPSS
Exploits0Affected Software1
Rows per page
Query Builder