Apache Web Server Reverse Proxy Vulnerability Impacting Functionality and Access Controls
CVE-2018-11759

7.5HIGH

Key Information:

Vendor
Apache
Status
Apache Tomcat Connectors
Vendor
CVE Published:
31 October 2018

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 94%

Summary

The Apache Web Server's handling of specified paths in conjunction with the Tomcat JK Connector was flawed, enabling crafted requests to potentially reveal application functions that should remain hidden. In environments where only a limited set of Tomcat URLs were exposed, attackers could exploit this weakness to glean unauthorized access to features through the reverse proxy. Furthermore, specific configurations could allow for the circumvention of the access controls in place, highlighting a significant security risk for users relying on this setup.

Affected Version(s)

Apache Tomcat Connectors Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-11759
Created by immunIT

Identificador-CVE-2018-11759
Created by Jul10l1r4

References

https://www.debian.org/security/2018/dsa-4357
vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2019:0367
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/105888
vdb-entryx_refsource_BID

EPSS Score

94% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.