2 matches found
VulnCheck KEV: CVE-2018-11759
The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then...
mod_jk: session information leak
The JK Connector aka modjk 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving 1 a request from a different client that included a Content-Length header but no POST dat...