Vulnerabilities > Apache > Tomcat JK Connector

DATE CVE VULNERABILITY TITLE RISK
2018-10-31 CVE-2018-11759 Path Traversal vulnerability in multiple products
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly.
network
low complexity
apache debian redhat CWE-22
7.5
7.5
2018-03-12 CVE-2018-1323 Information Exposure vulnerability in Apache Tomcat JK Connector
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly.
network
low complexity
apache CWE-200
7.5
7.5
2017-04-12 CVE-2016-6808 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Tomcat JK Connector
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
network
low complexity
apache CWE-119
critical
 9.8
9.8