Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability

Apache Tomcat JK Connector is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks.

Apache Tomcat JK Connector 1.2.0 through 1.2.42 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus