CVE-2018-11759

7.5HIGH

Key Information:

Vendor
Apache
Status
Apache Tomcat Connectors
Vendor
CVE Published:
31 October 2018

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 96%

Summary

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

Affected Version(s)

Apache Tomcat Connectors Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-11759
Created by immunIT

Identificador-CVE-2018-11759
Created by Jul10l1r4

References

https://www.debian.org/security/2018/dsa-4357
vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2019:0367
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/105888
vdb-entryx_refsource_BID

EPSS Score

96% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.