CVE-2018-11759 Apache Tomcat JK (mod_jk) Connector path traversal
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat JK mod_jk Connector 1.2.0 to 1.2.44
Description:
The Apache Web Server (httpd) specific code that normalised the
requested path
On 20.10.2016 18:23, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Marc,
On 10/20/16 11:34 AM, Marc Chamberlin wrote:
On 10/20/2016 3:19 AM, André Warnier (tomcat) wrote:
On 20.10.2016 01:58, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Marc,
On 10/20/16 11:34 AM, Marc Chamberlin wrote:
> On 10/20/2016 3:19 AM, André Warnier (tomcat) wrote:
>> On 20.10.2016 01:58, Christopher Schultz wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>>
>>> Marc,
>>>
>>> On 10/18/16 7:59
On 10/20/2016 3:19 AM, André Warnier (tomcat) wrote:
On 20.10.2016 01:58, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Marc,
On 10/18/16 7:59 PM, Marc Chamberlin wrote:
On 10/17/2016 10:36 AM, Rainer Jung wrote:
Alias maps URIs to local file system directories.
On 20.10.2016 01:58, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Marc,
On 10/18/16 7:59 PM, Marc Chamberlin wrote:
On 10/17/2016 10:36 AM, Rainer Jung wrote:
Alias maps URIs to local file system directories. JkMount maps
URIs to remote back end requests.
You c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Marc,
On 10/18/16 7:59 PM, Marc Chamberlin wrote:
> On 10/17/2016 10:36 AM, Rainer Jung wrote:
>>
>> Alias maps URIs to local file system directories. JkMount maps
>> URIs to remote back end requests.
>>
>> You can not change JkMount forwarding us
On 10/17/2016 10:36 AM, Rainer Jung wrote:
Alias maps URIs to local file system directories.
JkMount maps URIs to remote back end requests.
You can not change JkMount forwarding using Alias (except that if you
have a conflict between Alias and JkMount only one of them wins).
As far as I unde
Am 17.10.2016 um 19:16 schrieb Marc Chamberlin:
Hello - My apologies if this has already been asked or the wrong mail
list, but Google is not coming up with an answer for me, so here goes...
I am trying to set up the mod_jk connector between an Apache HTTPD
server and Tomcat with the intent of
Hello - My apologies if this has already been asked or the wrong mail
list, but Google is not coming up with an answer for me, so here goes...
I am trying to set up the mod_jk connector between an Apache HTTPD
server and Tomcat with the intent of supporting virtual hosts, and
serving static
On 28.01.2016 15:55, Konstantin Kolinko wrote:
2016-01-28 16:44 GMT+03:00 Konstantin Kolinko :
2016-01-28 15:00 GMT+03:00 André Warnier (tomcat) :
Hi.
On the page
http://apache.lauf-forum.at/tomcat/tomcat-connectors/jk/binaries/windows/,
the following mod_jk binaries are available :
[...]
Y
2016-01-28 16:44 GMT+03:00 Konstantin Kolinko :
> 2016-01-28 15:00 GMT+03:00 André Warnier (tomcat) :
>> Hi.
>>
>> On the page
>> http://apache.lauf-forum.at/tomcat/tomcat-connectors/jk/binaries/windows/,
>> the following mod_jk binaries are available :
>>
>> [...]
>
> You may try here:
> http://ww
On 28.01.2016 14:44, Konstantin Kolinko wrote:
2016-01-28 15:00 GMT+03:00 André Warnier (tomcat) :
Hi.
On the page
http://apache.lauf-forum.at/tomcat/tomcat-connectors/jk/binaries/windows/,
the following mod_jk binaries are available :
tomcat-connectors-1.2.40-windows-i386-httpd-2.0.x.zip 20
2016-01-28 15:00 GMT+03:00 André Warnier (tomcat) :
Hi.
On the page
http://apache.lauf-forum.at/tomcat/tomcat-connectors/jk/binaries/windows/,
the following mod_jk binaries are available :
tomcat-connectors-1.2.40-windows-i386-httpd-2.0.x.zip 2014-04-14 21:40
130K ZIP compressed archive
tomc
2016-01-28 15:00 GMT+03:00 André Warnier (tomcat) :
> Hi.
>
> On the page
> http://apache.lauf-forum.at/tomcat/tomcat-connectors/jk/binaries/windows/,
> the following mod_jk binaries are available :
>
> tomcat-connectors-1.2.40-windows-i386-httpd-2.0.x.zip 2014-04-14 21:40
> 130K ZIP compressed
Hi.
On the page http://apache.lauf-forum.at/tomcat/tomcat-connectors/jk/binaries/windows/, the
following mod_jk binaries are available :
tomcat-connectors-1.2.40-windows-i386-httpd-2.0.x.zip 2014-04-14 21:40 130K ZIP
compressed archive
tomcat-connectors-1.2.40-windows-i386-httpd-2.2.x.zip
Am 16.06.2015 13:42, schrieb André Warnier:
Hi.
Can I too ?
Why not?
mod_jk log (debug) :
...
[Tue Jun 16 13:26:21.928 2015] [16334:140682714515200] [debug]
map_uri_to_worker_ext::jk_uri_worker_map.c (1134): Attempting to map
URI '/hudson' from 5 maps
[Tue Jun 16 13:26:21.928 2015] [16334:14
Hi.
Can I too ?
mod_jk log (debug) :
...
[Tue Jun 16 13:26:21.928 2015] [16334:140682714515200] [debug]
map_uri_to_worker_ext::jk_uri_worker_map.c (1134): Attempting to map URI '/hudson' from 5 maps
[Tue Jun 16 13:26:21.928 2015] [16334:140682714515200] [debug]
find_match::jk_uri_worker_map.c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mladen,
On 4/25/12 8:56 AM, Mladen Turk wrote:
> On 04/24/2012 09:30 PM, chris derham wrote:
>>>
>> And we have a winner - 64 bit mod_jk now present on
>> http://www.apachelounge.com/download/win64/
>>
>> Thanks for all your help, and apache lounge
> Wow, that was fast.
>>
>> Far better than commercial support IMO
> I am grateful too for the above, but since you appear to have a good
> connection, and for the sake of symmetry, should not one ask them also for
> the 32-bit version ?
>
I sent one email, and he went for it. I don't really ca
Mladen Turk wrote:
On 04/24/2012 09:30 PM, chris derham wrote:
And we have a winner - 64 bit mod_jk now present on
http://www.apachelounge.com/download/win64/
Thanks for all your help, and apache lounge for doing the work
Wow, that was fast.
I am grateful too for the above, but since you
On 04/24/2012 09:30 PM, chris derham wrote:
And we have a winner - 64 bit mod_jk now present on
http://www.apachelounge.com/download/win64/
Thanks for all your help, and apache lounge for doing the work
Wow, that was fast.
Regards
--
^TM
--
>
> > Exactly. Might be better to come from "userland"
>>
>> +1
>>
>
> I have emailed the apache lounge contact email asking if they would
> consider including a build of mod_jk - lets see what happens
>
> Thanks
>
> Chris
>
And we have a winner - 64 bit mod_jk now present on
http://www.apachelou
>
> > Exactly. Might be better to come from "userland"
>
> +1
>
I have emailed the apache lounge contact email asking if they would
consider including a build of mod_jk - lets see what happens
Thanks
Chris
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mladen,
On 4/23/12 11:36 AM, Mladen Turk wrote:
> On 04/23/2012 04:11 PM, Christopher Schultz wrote:
>>>
>>> The problem is that there are no more 'official' httpd
>>> binaries.
>>
>> Aah, I didn't realize that ASF doesn't have official httpd
>> x86
On 04/23/2012 04:11 PM, Christopher Schultz wrote:
The problem is that there are no more 'official' httpd binaries.
Aah, I didn't realize that ASF doesn't have official httpd x86-64
binaries.
Right, never did have 64-bit, and now no more 32-bit as well.
Probably because the current mainta
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mladen,
On 4/21/12 12:02 PM, Mladen Turk wrote:
> On 04/19/2012 06:33 PM, Christopher Schultz wrote:
>>
>> I think it's reasonable for us to add x86-64 builds for
>> mod_jk+httpd.
>
> The problem is that there are no more 'official' httpd binaries.
On 04/19/2012 06:33 PM, Christopher Schultz wrote:
I think it's reasonable for us to add x86-64 builds for mod_jk+httpd.
The problem is that there are no more 'official' httpd binaries.
Probably because the current maintainer just get bored, so the
suggested use is to use apachelaunge's binar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris,
On 4/19/12 9:32 AM, chris derham wrote:
> On Wed, Apr 18, 2012 at 5:07 PM, Mladen Turk
> wrote:
>> On 04/18/2012 02:00 PM, chris derham wrote:
>>
>>> All,
>>>
>>> Our setup has apache tomcat running behind apache httpd using
>>> mod_jk. I wo
On Wed, Apr 18, 2012 at 5:07 PM, Mladen Turk wrote:
> On 04/18/2012 02:00 PM, chris derham wrote:
>
>> All,
>>
>> Our setup has apache tomcat running behind apache httpd using mod_jk. I
>> would like to upgrade to apache 2.4, but for this I need to find a 64bit
>> mod_jk release for httpd 2.4. Th
On 04/18/2012 02:00 PM, chris derham wrote:
All,
Our setup has apache tomcat running behind apache httpd using mod_jk. I
would like to upgrade to apache 2.4, but for this I need to find a 64bit
mod_jk release for httpd 2.4. The binaries contained at
http://tomcat.apache.org/download-connectors.c
All,
Our setup has apache tomcat running behind apache httpd using mod_jk. I
would like to upgrade to apache 2.4, but for this I need to find a 64bit
mod_jk release for httpd 2.4. The binaries contained at
http://tomcat.apache.org/download-connectors.cgi 32 bit httpd connectors,
or a 64bit iis one
n.
Just my two cents,
/mde/
--- On Wed, 2/3/10, daulat khan wrote:
> From: daulat khan
> Subject: Mod_JK connector configuration Error
> To: "Tomcat Users List" , us...@httpd.apache.org
> Date: Wednesday, February 3, 2010, 6:12 PM
> Hi,
>
> i am hittin
Hi,
I am hitting the following error while configuring mod_jk connector in
solaris 10 machine. I am using sun studio tools for compiling.
tomcat connector latest version 1.2.28
apache latest version 2.2.14
and tomcat latest version 6.0.20
configure: error: You must specify a valid --with-apxs
Just set one up about 3 minutes ago. Works great. =)
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Railo Community Distributions
Luis Esquivel wrote:
Has anyone tried to make the mod_jk work with IIS7.5?
Thanks!
Luis Esquivel
Ap
Has anyone tried to make the mod_jk work with IIS7.5?
Thanks!
Luis Esquivel
Application Development
Public Employees' Retirement Assoc. of Colorado
1301 Pennsylvania Street
Denver, CO 80203
303 - 837 - 6296
environment: Tomcat 6.0.18 under apache2 on Mac OS X Server 10.5
(Leopard).
I am using a mod_jk connector with JBoss.
I am having trouble getting context urls of the form website.my.com/
myapplication honoured.
(Safari:File not found).I have googled the error message below but
can't
Caldarale, Charles R schrieb:
From: Thanuja Danda [mailto:[EMAIL PROTECTED]
Subject: Re: Configuring Apache with Tomcat using mod_jk connector
I removed the workers.java_home and workers.tomcat_home from
workers.properties. I was just following the instructions from
http://tomcat.apache.org
> From: Thanuja Danda [mailto:[EMAIL PROTECTED]
> Subject: Re: Configuring Apache with Tomcat using mod_jk connector
>
> I removed the workers.java_home and workers.tomcat_home from
> workers.properties. I was just following the instructions from
> http://tomcat.apache.
- Original Message -
From: "Thanuja Danda" <[EMAIL PROTECTED]>
To:
Sent: Saturday, June 07, 2008 4:27 PM
Subject: Configuring Apache with Tomcat using mod_jk connector
Hi All,
I have an issue configuring Apache/2.2.8 (True 64 Unix) integration with
Tomcat 5.0
dy to resend 0
>>>> [Sat Jun 07 10:42:10 2008] [637092:3223019520] [error] jk_ajp_common.c
>>>> (1004): (worker1) can't receive the response message from tomcat, tomcat
>>>> (
>>>> 127.0.0.1:2004) has forced a connection close for socket 6
>>
tp://tomcat.apache.org/connectors-doc/webserver_howto/apache.html
HTH
Martin-
- Original Message - From: "Thanuja Danda" <
[EMAIL PROTECTED]>
To:
Sent: Saturday, June 07, 2008 10:27 AM
Subject: Configuring Apache with Tomcat using mod_jk connector
Hi All,
verify there is *not* an asterisk
>>> before JkMount in the line above I copied from your config below?
>>>
>>> Otherwise, you don't need workers.java_home or workers.tomcat_home --
>>> mod_jk doesn't care where your tomcat home or java home are. Lastly, is
>
ective in your %APACHE_HOME%/conf/httpd.conf ?
# send all requests ending in .jsp to ajp13
JkMount /*.jsp ajp13
http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html
HTH
Martin-
- Original Message - From: "Thanuja Danda" <[EMAIL PROTECTED]>
To:
Sent: Sa
in .jsp to ajp13
>>> JkMount /*.jsp ajp13
>>>
>>> http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html
>>>
>>> HTH
>>> Martin-
>>> - Original Message - From: "Thanuja Danda" <[EMAIL PROTECTED]>
>>>
.apache.org/connectors-doc/webserver_howto/apache.html
HTH
Martin-
- Original Message - From: "Thanuja Danda" <[EMAIL PROTECTED]>
To:
Sent: Saturday, June 07, 2008 10:27 AM
Subject: Configuring Apache with Tomcat using mod_jk connector
Hi All,
I have an issue configuri
pache.org/connectors-doc/webserver_howto/apache.html
>
> HTH
> Martin-
> - Original Message - From: "Thanuja Danda" <[EMAIL PROTECTED]>
> To:
> Sent: Saturday, June 07, 2008 10:27 AM
> Subject: Configuring Apache with Tomcat using mod_jk connector
>
>
OTECTED]>
To:
Sent: Saturday, June 07, 2008 10:27 AM
Subject: Configuring Apache with Tomcat using mod_jk connector
Hi All,
I have an issue configuring Apache/2.2.8 (True 64 Unix) integration with
Tomcat 5.0.28 using mod_jk/1.2.26. Both Apache and Tomcat are running on
the
same machine. W
Hi All,
I have an issue configuring Apache/2.2.8 (True 64 Unix) integration with
Tomcat 5.0.28 using mod_jk/1.2.26. Both Apache and Tomcat are running on the
same machine. While configuring, I followed the instructions from
http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html. I
che
Chezang wrote:
I'm trying to integrate Apache2.0.55 with Tomcat5.5 using mod_jk. I did
the following but failed to achieve what I want.
I'd use Apache 2.2 with mod_proxy_ajp. IMO the configuration is much
simpler than with mod_jk.
--
Mikolaj Rydzewski <[EMAIL PROTECTED]>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hi there,
I'm trying to integrate Apache2.0.55 with Tomcat5.5 using mod_jk. I did
the following but failed to achieve what I want.
WinXP Professional SP2
Apache2.0.55
Tomcat5.5.17
My Apache and Tomcat servers are working fine. http://localhost/ give
1.2.15 ist current stable for linux also. The page is wrong.
I don't know where the binaries come from, so unfortunately at the
moment there seems to be no binary download. If you build yourself, take
1.2.15 sources.
Paul Smith wrote:
I notice here:
http://www.apache.org/dist/tomcat/tomcat-con
I notice here:
http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/
That there are various 'stable' versions for certain O/S. In
particular I notice that mod_jk 1.2.15 is considered stable for
Solaris and w32 but not Linux.
Any reason? We've done a lot of performance testing w
From: "Michael Andreas Omerou" <[EMAIL PROTECTED]>
To: "'Martin Gainty'" <[EMAIL PROTECTED]>
Cc: "'Tomcat Users List'"
Sent: Wednesday, December 14, 2005 10:09 AM
Subject: RE: Problem with mod_jk Connector
Hi Martin,
Thanks f
--- Original Message -
From: "Michael Andreas Omerou" <[EMAIL PROTECTED]>
To: "'Martin Gainty'" <[EMAIL PROTECTED]>
Cc: "'Tomcat Users List'"
Sent: Wednesday, December 14, 2005 10:09 AM
Subject: RE: Problem with mod_jk Connector
Hi Mart
nal Message-
>From: Martin Gainty [mailto:[EMAIL PROTECTED]
>Sent: 11 December 2005 16:11
>To: [EMAIL PROTECTED]
>Cc: Tomcat Users List
>Subject: Re: Problem with mod_jk Connector
>
>Straight from the doc available at
>http://tomcat.apache.org/connectors-doc/config/apa
05 23:02
To: [EMAIL PROTECTED]
Cc: 'Tomcat Users List'
Subject: Re: Problem with mod_jk Connector
what this says is that all requests goto ajp13 worker I will
need to see worker.properties file and the value of forwardAll
set JkLogLevel info
Martin-
- Original Message -
Fr
Users List'
>Subject: Re: Problem with mod_jk Connector
>
>what this says is that all requests goto ajp13 worker I will
>need to see worker.properties file and the value of forwardAll
>set JkLogLevel info
>
>Martin-
>- Original Message -
>From: "Michae
;" ; "'Martin Gainty'"
<[EMAIL PROTECTED]>
Sent: Saturday, December 10, 2005 2:33 PM
Subject: RE: Problem with mod_jk Connector
Hi Martin,
Below is the extract from my httpd.conf:
LoadModule jk_module modules/mod_jk-1.2.15-solaris8-sparc-apache-1.3.33.so
JkWorkersFile /us
rg
>Subject: Re: Problem with mod_jk Connector
>
>Michael-
>in your httpd.conf we need to see JKMount statement for
>handling *.jsp pages see
>http://tomcat.apache.org/tomcat-4.1-doc/config/jk.html
>e.g.
>For example the following directives will send all requests
>end
<[EMAIL PROTECTED]>
To:
Sent: Saturday, December 10, 2005 10:25 AM
Subject: Problem with mod_jk Connector
Hello,
I have a Solaris server where I use Apache and Tomcat and I connect them
using mod_jk. So far I was using mod_jk 1.2.5 and all requests to Apache
were forwarded to Tomcat. Then
Hello,
I have a Solaris server where I use Apache and Tomcat and I connect them
using mod_jk. So far I was using mod_jk 1.2.5 and all requests to Apache
were forwarded to Tomcat. Then, I needed to host some things under Apache
(basically web statistics software, webmail, etc.). So I thought of
Well, he has written that "I have downloaded the following
application" so that doesn't seem to be legacy. And normally these
stuffs work quite independently of hardware apart from performance, but
the latest Java works quite good in old machines.
Or at least, if I were he, I would use
> ==
> Date: Thu, 10 Nov 2005 13:12:33 +0100
> From: "Seak, Teng-Fong" <[EMAIL PROTECTED]>
> To: Tomcat Users List
> Subject: Re: Mod_jk Connector
> ==
>
> A curious question: I've lots of mails here
Just guessing: They got legacy stuff and want to use it and don't have
the man power to upgrade it or development is discarded but there are still
users who want to work with it - just a thought.
Afaik 4.1.31 is the latest 4.1.x Tomcat, so it's not old.
It's like FreeBSD 4.X vs 6.X which was released
A curious question: I've lots of mails here in which people are
using old versions of stuffs. Real old stuffs! For example, Tomcat
reaches already 5.5.12. Why don't you get the latest ones to see it
works first?
Kaushal Shriyan wrote:
I have downloaded the following application
httpd-
ure what goes wrong.
>
> -Original Message-
> From: Kaushal Shriyan [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 10, 2005 2:50 PM
> To: users@tomcat.apache.org
> Subject: Mod_jk Connector
>
> I have downloaded the following application
>
> httpd-2.
he's httpd.conf.
Andoni.
- Original Message -
From: Kaushal Shriyan
Newsgroups: gmane.comp.jakarta.tomcat.user
Sent: Thursday, November 10, 2005 6:50 AM
Subject: Mod_jk Connector
I have downloaded the following application
httpd-2.0.49.tar.gz
jakarta-tomcat-4.1.31.tar
that is different from my previous installation is that
I downloaded the latest isapi_redirect.dll release in nov.
Still not sure what goes wrong.
-Original Message-
From: Kaushal Shriyan [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 10, 2005 2:50 PM
To: users@tomcat.apache.org
Subject:
I have downloaded the following application
httpd-2.0.49.tar.gz
jakarta-tomcat-4.1.31.tar.gz
jakarta-tomcat-connectors-1.2.15-src.tar.gz
I am able to check http://localhost:8080/index.jsp
and http://localhost
But when I do http://localhost/examples it says
Not Found
The requested URL /example
69 matches