This page lists publicly disclosed CVE vulnerabilities affecting apache tomcat_jk_connector (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-11759 | The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was | [email protected] | 7.5 | 94.24% | 2018-10-31 | 2024-11-21 |
| CVE-2018-1323 | The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy. | [email protected] | 7.5 | 31.77% | 2018-03-12 | 2024-11-21 |
| CVE-2016-6808 | Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. | [email protected] | 9.8 | 30.39% | 2017-04-12 | 2026-05-13 |