Vulnerability: Apache Tomcat JK Connect <=1.2.44 - Manager Access

Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

Impact

Unauthenticated attackers can gain unauthorized access to the Apache Tomcat Manager interface, potentially leading to further compromise of the server.

Severity

high

Verified

Unknown