CVE-2018-11759
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- June 05, 2018
- Published Date
- October 31, 2018
- Last Updated
- August 05, 2024
- Vendor
- Apache Software Foundation
- Product
- Apache Tomcat Connectors
- Description
- The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
CVSS Scores
EPSS Score
- Score
- 94.18% (Percentile: 99.90%) as of 2025-04-29
Exploit Status
- Exploited in the Wild
- Yes (added 2025-04-24 00:00:00 UTC) Source
References
https://www.debian.org/security/2018/dsa-4357
https://access.redhat.com/errata/RHSA-2019:0367
http://www.securityfocus.com/bid/105888
https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad%40%3Cannounce.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html
https://access.redhat.com/errata/RHSA-2019:0366
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
https://www.oracle.com/security-alerts/cpujan2020.html
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-04-24 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-11759.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
julioliraup/Identificador-CVE-2018-11759
Type: github • Created: 2024-04-18 14:28:11 UTC • Stars: 0
Jul10l1r4/Identificador-CVE-2018-11759
Type: github • Created: 2018-12-08 02:32:14 UTC • Stars: 5
This exploit for CVE 2018-11759, vulnerability in apache mod_jk, module for load-balancer
immunIT/CVE-2018-11759
Type: github • Created: 2018-11-01 09:11:07 UTC • Stars: 41
Proof of concept showing how to exploit the CVE-2018-11759