漏洞描述
【漏洞描述】 Apache Tomcat JK(mod_jk) 【涉及版本】1.2.0,1.2.4 【漏洞描述】 由于Apache TomcatWeb服务器(httpd)用于规范请求路径的代码,在匹配Apache TomcatJK(mod_jk)连接器中的URI-Worker映射之前,没有正确处理某些边缘情况(如过滤“;”)导致信息泄露。攻击者可利用该漏洞造成信息泄露。
Apache Tomcat JK (mod_jk) 连接器-目录遍历(CVE-2018-11759)
PoC代码
暂无相关漏洞推荐
-
CVE-2018-11759: Apache Tomcat JK Connect <=1.2.44 - Manager Access POC
2025-09-01 | Apache Tomcat JK ConnectThe Apache Web Server (httpd) specific code that normalised the requested path before matching it to... -
CVE-2020-1938: Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability POC
2025-09-01 | Apache TomcatWhen using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to... -
tomcat-detect: Apache Tomcat Detect POC
2025-09-01 | Apache TomcatAn Apache Tomcat Manager panel was discovered. app="APACHE-Tomcat" -
CVE-2018-1000600: Pre-auth Fully-responded SSRF POC
2025-09-01 | Pre-authA exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier... -
CVE-2018-1000861: Jenkins 2.138 Remote Command Execution POC
2025-09-01 | JenkinsA code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier...