CVE-2018-1323 is a vulnerability in Apache Tomcat Jk Connector
Published on March 12, 2018
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.
Affected Versions
Apache Software Foundation Apache Tomcat Connectors Version Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 is affected by CVE-2018-1323
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.