Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tomcat_jk_connector
(Apache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-04-12 | CVE-2016-6808 | Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. | Tomcat_jk_connector | 9.8 | ||
| 2018-03-12 | CVE-2018-1323 | The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy. | Tomcat_jk_connector | 7.5 | ||
| 2018-10-31 | CVE-2018-11759 | The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It... | Tomcat_jk_connector, Debian_linux, Jboss_core_services | 7.5 |