PT-2018-11712 · Apache · Apache Tomcat Jk Isapi Connector
Alphan Yavas · Published: 2018-03-12 · Updated: 2024-06-15 · CVE-2018-1323
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache Tomcat JK ISAPI Connector versions 1.2.0 through 1.2.42
Description
The issue concerns the normalization of requested paths in the Apache Tomcat JK ISAPI Connector. It did not handle certain edge cases correctly, potentially allowing a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.
Recommendations
For Apache Tomcat JK ISAPI Connector versions 1.2.0 through 1.2.42, consider updating to a version that addresses this issue, as these versions may allow unintended exposure of application functionality.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Path traversal
Affected products
Apache Tomcat Jk Isapi Connector