漏洞描述
【漏洞描述】 Apache Tomcat JK(mod_jk) 【涉及版本】1.2.0,1.2.4 【漏洞描述】 由于Apache TomcatWeb服务器(httpd)用于规范请求路径的代码,在匹配Apache TomcatJK(mod_jk)连接器中的URI-Worker映射之前,没有正确处理某些边缘情况(如过滤“;”)导致信息泄露。攻击者可利用该漏洞造成信息泄露。
Apache Tomcat JK (mod_jk) 连接器-目录遍历(CVE-2018-11759)
PoC代码
暂无相关漏洞推荐
- Apache Tomcat URL重写绕过漏洞 (CVE-2025-55752)
- tomcat-default-login: Apahce Tomcat Manager Default Login
- POC CVE-2020-13935: Apache Tomcat WebSocket Frame Payload Length Validation Denial of Service
- POC CVE-2007-2449: Apache Tomcat 4.x-7.x - Cross-Site Scripting
- CVE-2016-8735: Apache Tomcat - Remote Code Execution via JMX Ports
- POC CVE-2017-12615: Apache Tomcat Servers - Remote Code Execution
- POC CVE-2017-12617: Apache Tomcat - Remote Code Execution
- POC CVE-2018-11759: Apache Tomcat JK Connect <=1.2.44 - Manager Access
- POC CVE-2018-11784: Apache Tomcat - Open Redirect
- POC CVE-2019-0221: Apache Tomcat - Cross-Site Scripting
- POC CVE-2019-0232: Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution
- POC CVE-2020-9484: Apache Tomcat Remote Command Execution
- POC CVE-2025-24813: Apache Tomcat Path Equivalence - Remote Code Execution