Tomcat Connectors
by Apache
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6808 | | Cri | 0.65 | 9.8 | 0.19 | | Apr 12, 2017 | Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. |
| CVE-2018-1323 | | Hig | 0.52 | 7.5 | 0.44 | | Mar 12, 2018 | The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then… |
| CVE-2018-11759 | | | 0.08 | — | 0.91 | | Oct 31, 2018 | The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed… |
| CVE-2014-8111 | | | 0.01 | — | 0.07 | | Apr 21, 2015 | Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors. |
| CVE-2024-46544 | | | 0.00 | — | 0.00 | | Sep 23, 2024 | Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from… |
| CVE-2023-41081 | | | 0.00 | — | 0.01 | | Sep 13, 2023 | Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied… |