CVE-2018-11759 Scanner
Detects 'Path Traversal' vulnerability in Apache Software Foundation Apache Tomcat Connectors affects v. 1.2.0 to 1.2.44.
Short Info
Level
High
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Url
Parent Category
CVE-2018-11759 Scanner Detail
Apache Tomcat Connectors software is a tool that enables communication between Apache HTTP Server and Apache Tomcat, facilitating web application server configuration. The purpose of the software is to provide users with simplicity and ease of use, allowing for swift integration of the Apache HTTP Server and Apache Tomcat. The software is primarily used in a production environment, enabling organizations to optimize their web applications for better performance.
CVE-2018-11759 is a vulnerability discovered in the Apache Tomcat Connectors software. In earlier versions of the software, the code that normalized requested paths wasn't programmed to handle every possible scenario. This resulted in certain edge cases not being handled correctly. An attacker could exploit this vulnerability by submitting specially crafted requests that would expose critical application functionality unintended for client access. The vulnerability could also bypass implemented access controls in some settings.
If exploited, this CVE-2018-11759 vulnerability could have serious ramifications for an organization's digital assets. A cyber attacker could gain access to sensitive data, leading to theft, data breaches, and other malicious activities. Exploitation of this vulnerability would result in a major security incident, jeopardizing the confidentiality, integrity, and availability of affected systems.
Thanks to the pro features of securityforeveryone.com, users can stay informed about potential vulnerabilities in their digital assets. Our advanced platform provides accurate analysis and real-time threat detection, enabling swift action to protect your digital assets from online threats. Sign up today to ensure complete security for your organization's digital assets.
REFERENCES
- http://www.securityfocus.com/bid/105888
- https://access.redhat.com/errata/RHSA-2019:0366
- https://access.redhat.com/errata/RHSA-2019:0367
- https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html
- https://www.debian.org/security/2018/dsa-4357
- https://www.oracle.com/security-alerts/cpujan2020.html
control security posture