Back to KEVs

CVE-2018-11759

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK...

Basic Information

CVE State
PUBLISHED
Reserved Date
June 05, 2018
Published Date
October 31, 2018
Last Updated
August 05, 2024
Vendor
Apache Software Foundation
Product
Apache Tomcat Connectors
Description
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.
Tags
apache nuclei_scanner

CVSS Scores

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Score

Score
94.18% (Percentile: 99.90%) as of 2025-05-22

Exploit Status

Exploited in the Wild
Yes (2025-05-08 00:00:00 UTC) Source

References

https://www.debian.org/security/2018/dsa-4357 https://access.redhat.com/errata/RHSA-2019:0367 http://www.securityfocus.com/bid/105888 https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad%40%3Cannounce.tomcat.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html https://access.redhat.com/errata/RHSA-2019:0366 https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E https://www.oracle.com/security-alerts/cpujan2020.html https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-04-24 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-11759.yaml 2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

julioliraup/Identificador-CVE-2018-11759

Type: github • Created: 2024-04-18 14:28:11 UTC • Stars: 0

Jul10l1r4/Identificador-CVE-2018-11759

Type: github • Created: 2018-12-08 02:32:14 UTC • Stars: 5

This exploit for CVE 2018-11759, vulnerability in apache mod_jk, module for load-balancer

immunIT/CVE-2018-11759

Type: github • Created: 2018-11-01 09:11:07 UTC • Stars: 41

Proof of concept showing how to exploit the CVE-2018-11759

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nuclei