Apache Tomcat JK Connector CVE-2018-11759 Directory Traversal Vulnerability
BID:105888
| Bugtraq ID: | 105888 |
| Class: | Input Validation Error |
| CVE: | CVE-2018-11759 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 31 2018 12:00AM |
| Updated: | Oct 31 2018 12:00AM |
| Credit: | Alphan Yavas from Biznet Bilisim A.S. |
| Vulnerable: | Apache Tomcat JK Connector 1.2.44, Apache Tomcat JK Connector 1.2.43, Apache Tomcat JK Connector 1.2.42, Apache Tomcat JK Connector 1.2.41, Apache Tomcat JK Connector 1.2 |
| Not Vulnerable: | Apache Tomcat JK Connector 1.2.46 |
Discussion
Apache Tomcat JK Connector is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks.
Apache Tomcat JK Connector versions 1.2.0 through 1.2.44 are vulnerable.