Vulnerability in Apache Software Foundation Tomcat Connectors
CVE-2018-11759
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of t…
EPSS: 0.942 (99.9th percentile)
Affected products
- Apache Software Foundation Tomcat Connectors — versions Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44
References
- DSA-4357 (vendor-advisory, x_refsource_DEBIAN)
- RHSA-2019:0367 (x_refsource_REDHAT, vendor-advisory)
- 105888 (vdb-entry, x_refsource_BID)
- lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d612… (x_refsource_MISC)
- [debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update (mailing-list, x_refsource_MLIST)
- RHSA-2019:0366 (x_refsource_REDHAT, vendor-advisory)
- [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ (mailing-list, x_refsource_MLIST)
- [tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (mailing-list, x_refsource_MLIST)
- [tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ (mailing-list, x_refsource_MLIST)
- [tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2018-11759?
- CVE-2018-11759 is a vulnerability in Apache Software Foundation Tomcat Connectors. Published 2018-10-31.
- Is CVE-2018-11759 known to be exploited?
- 40 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.