5 results (0.027 seconds)

CVSS: 7.5EPSS: 95%CPEs: 4EXPL: 3

CVE-2018-11759 – mod_jk: connector path traversal due to mishandled HTTP requests in httpd

https://notcve.org/view.php?id=CVE-2018-11759

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical. El código específico de Apache Web Server (httpd) que normalizaba la ruta antes de compararla con el mapa URI-worker en Apache Tomcat JK (mod_jk) Connector, desde la versión 1.2.0 hasta la 1.2.44, no gestionaba correctamente algunos casos extremos. • https://github.com/immunIT/CVE-2018-11759 https://github.com/Jul10l1r4/Identificador-CVE-2018-11759 https://github.com/julioliraup/Identificador-CVE-2018-11759 http://www.securityfocus.com/bid/105888 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.ap • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 26%CPEs: 1EXPL: 0

CVE-2018-1323 – isapi_redirect: Mishandled HTTP request paths in jk_isapi_plugin.c can lead to unintended exposure of application resources via the reverse proxy

https://notcve.org/view.php?id=CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy. El código específico IIS/ISAPI en Apache Tomcat JK ISAPI Connector, de la versión 1.2.0 a la 1.2.42, que normalizaba la ruta solicitada antes de emparejarla al mapa URI-worker no gestionaba algunos casos perimetrales (edge cases) correctamente. Si solo un subconjunto de las URL soportadas por Tomcat estuviese expuesto mediante IIS, una petición especialmente construida podría exponer funcionalidades de la aplicación mediante el proxy inverso que no estaba pensado para que los clientes accediesen a Tomcat a través de él. • http://www.securityfocus.com/bid/103389 https://access.redhat.com/errata/RHSA-2018:1843 https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f%40%3Cannounce.tomcat.apache.org%3E https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2016-6808 – mod_jk: Buffer overflow when concatenating virtual host name and URI

https://notcve.org/view.php?id=CVE-2016-6808

Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. Desbordamiento de búfer en los Apache Tomcat Connectors (mod_jk) en versiones anteriores a 1.2.42. It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow. • http://packetstormsecurity.com/files/139071/Apache-Tomcat-JK-ISAPI-Connector-1.2.41-Buffer-Overflow.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://seclists.org/fulldisclosure/2016/Oct/44 http://tomcat.apache.org/security-jk.html http://www.openwall.com/lists/oss-security/2016/10/06/4 http://www.securityfocus.com/bid/93429 http://www.securitytracker.com/id/1036969 https://access.redhat.com/errata/RHSA-2017:0193 https://access.redhat.com/errata/RHSA-2017:0194 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0

CVE-2007-1860 – mod_jk sends decoded URL to tomcat

https://notcve.org/view.php?id=CVE-2007-1860

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450. El componente mod_jk en Apache Tomcat JK Web Server Connector versión 1.2. x anterior a 1.2.23, descodifica las URL de petición dentro del servidor Apache HTTP antes de pasar la URL a Tomcat, lo que permite a los atacantes remotos acceder a páginas protegidas por medio de un JkMount prefijado y creado, posiblemente involucrando secuencias double-encoded.. (punto punto) y el salto de directorio (directory traversal), un problema relacionado a CVE-2007-0450. • http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/25383 http://secunia.com/advisories/25701 http://secunia.com/advisories/26235 http://secunia.com/advisories/26512 http://secunia.com/advisories/27037 http://secunia.com/advisorie • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 53%CPEs: 2EXPL: 2

CVE-2007-0774 – Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2007-0774

Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine. Desbordamiento de búfer basado en pila en la función map_uri_to_worker (native/common/jk_uri_worker_map.c) en mod_jk.so para Apache Tomcat JK Web Server Connector 1.2.19 y 1.2.20, tal y como se usa en Tomcat 4.1.34 y 5.5.20, permite a atacantes remotos ejecutar código de su elección a través de una URL que dispara el desbordamiento de búfer en una rutina del mapa del trabajador URI. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. The specific flaw exists in the URI handler for the mod_jk.so library, map_uri_to_worker(), defined in native/common/jk_uri_worker_map.c. When parsing a long URL request, the URI worker map routine performs an unsafe memory copy. • https://www.exploit-db.com/exploits/4162 https://www.exploit-db.com/exploits/16798 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://secunia.com/advisories/24398 http://secunia.com/advisories/24558 http://secunia.com/advisories/27037 http://secunia.com/advisories/28711 http://securitytracker.com/id?1017719 http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html http://tomcat.apache.org/security-jk.html http://www.cisco.com/en/US& •