VYPR

Tomcat Connectors

by Apache

Source repositories

CVEs (6)

  • CVE-2016-6808CriApr 12, 2017
    risk 0.65cvss 9.8epss 0.19

    Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.

  • CVE-2018-1323HigMar 12, 2018
    risk 0.52cvss 7.5epss 0.44

    The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then…

  • CVE-2018-11759Oct 31, 2018
    risk 0.08cvss epss 0.91

    The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed…

  • CVE-2014-8111Apr 21, 2015
    risk 0.01cvss epss 0.07

    Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

  • CVE-2024-46544Sep 23, 2024
    risk 0.00cvss epss 0.00

    Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from…

  • CVE-2023-41081Sep 13, 2023
    risk 0.00cvss epss 0.01

    Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied…