CVE-2018-11759

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

References

http://www.securityfocus.com/bid/105888

https://access.redhat.com/errata/RHSA-2019:0366

https://access.redhat.com/errata/RHSA-2019:0367

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html

https://www.debian.org/security/2018/dsa-4357

Details

Source: MITRE

Published: 2018-10-31

Updated: 2019-04-15

Type: CWE-22

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
125666SUSE SLES12 Security Update : apache2-mod_jk (SUSE-SU-2018:3963-2)NessusSuSE Local Security Checks
high
123393openSUSE Security Update : apache2-mod_jk (openSUSE-2019-970)NessusSuSE Local Security Checks
high
98522Apache Tomcat JK Connector 1.2.x < 1.2.46 Access Control BypassWeb Application ScanningComponent Vulnerability
high
122292RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 (RHSA-2019:0367)NessusRed Hat Local Security Checks
critical
120175SUSE SLES15 Security Update : apache2-mod_jk (SUSE-SU-2018:3969-1)NessusSuSE Local Security Checks
high
119850Debian DSA-4357-1 : libapache-mod-jk - security updateNessusDebian Local Security Checks
high
119729Debian DLA-1609-1 : libapache-mod-jk security updateNessusDebian Local Security Checks
high
119543openSUSE Security Update : apache2-mod_jk (openSUSE-2018-1510)NessusSuSE Local Security Checks
high
119336SUSE SLES11 Security Update : apache2-mod_jk (SUSE-SU-2018:3970-1)NessusSuSE Local Security Checks
high
119333SUSE SLES12 Security Update : apache2-mod_jk (SUSE-SU-2018:3963-1)NessusSuSE Local Security Checks
high