Vulnerability Details CVE-2018-1323
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.567
EPSS Ranking 98.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/103389
- https://access.redhat.com/errata/RHSA-2018:1843
- https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
- http://www.securityfocus.com/bid/103389
- https://access.redhat.com/errata/RHSA-2018:1843
- https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
Products affected by CVE-2018-1323
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.0
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.1
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.2
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.3
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.32
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.33
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.35
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.36
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.37
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.39
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.4
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.40
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.41
-
cpe:2.3:a:apache:tomcat_jk_connector:1.2.42