Skip to main content

Tomcat Jk Connector

3 CVEs product

Monthly

CVE-2018-11759 HIGH POC THREAT This Week

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Path Traversal Tomcat Jk Connector Debian Linux +1
NVD
CVSS 3.0
7.5
EPSS
90.6%
CVE-2018-1323 HIGH This Week

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Path Traversal Tomcat Jk Connector
NVD
CVSS 3.0
7.5
EPSS
44.2%
CVE-2016-6808 CRITICAL POC THREAT Emergency

Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.5%.

Buffer Overflow Tomcat Apache Tomcat Jk Connector
NVD
CVSS 3.0
9.8
EPSS
29.5%
Threat
4.3
EPSS 91% CVSS 7.5
HIGH POC THREAT This Week

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Path Traversal +3
NVD
EPSS 44% CVSS 7.5
HIGH This Week

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Path Traversal +1
NVD
EPSS 29% 4.3 CVSS 9.8
CRITICAL POC THREAT Emergency

Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.5%.

Buffer Overflow Tomcat Apache +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy