Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fnpy-4qyf-kfbb

Summary The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

Aliases

alias	CVE-2018-11759

Fixed_packages

url pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%2Bdeb9u1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%252Bdeb9u1

url pkg:deb/debian/libapache-mod-jk@1:1.2.46-1%2Bdeb10u1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.46-1%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.46-1%252Bdeb10u1

url	pkg:deb/debian/libapache-mod-jk@1:1.2.46-1?distro=trixie
purl	pkg:deb/debian/libapache-mod-jk@1:1.2.46-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.46-1%3Fdistro=trixie

url	pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/libapache-mod-jk@1:1.2.48-2%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/libapache-mod-jk@1:1.2.48-2%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.48-2%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/libapache-mod-jk@1:1.2.50-1?distro=trixie
purl	pkg:deb/debian/libapache-mod-jk@1:1.2.50-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.50-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/libapache-mod-jk@1:1.2.37-4

purl pkg:deb/debian/libapache-mod-jk@1:1.2.37-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.37-4

url pkg:deb/debian/libapache-mod-jk@1:1.2.37-4%2Bdeb8u1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.37-4%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.37-4%252Bdeb8u1

url pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%2Bdeb9u1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%252Bdeb9u1

url pkg:deb/debian/libapache-mod-jk@1:1.2.5-2sarge1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.5-2sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-cjfj-4js9-tyf2

vulnerability	VCID-f5mx-3ftb-ykhz

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

vulnerability	VCID-wcfh-wsfa-3ufv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.5-2sarge1

url pkg:deb/debian/libapache-mod-jk@1:1.2.18-3

purl pkg:deb/debian/libapache-mod-jk@1:1.2.18-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-cjfj-4js9-tyf2

vulnerability	VCID-f5mx-3ftb-ykhz

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

vulnerability	VCID-wcfh-wsfa-3ufv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.18-3

url pkg:deb/debian/libapache-mod-jk@1:1.2.18-3etch2

purl pkg:deb/debian/libapache-mod-jk@1:1.2.18-3etch2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-cjfj-4js9-tyf2

vulnerability	VCID-f5mx-3ftb-ykhz

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

vulnerability	VCID-wcfh-wsfa-3ufv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.18-3etch2

url pkg:deb/debian/libapache-mod-jk@1:1.2.26-2%2Blenny1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.26-2%2Blenny1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-cjfj-4js9-tyf2

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.26-2%252Blenny1

url pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze1

url pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze2

purl pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze2

url pkg:deb/debian/libapache-mod-jk@1:1.2.37-1%2Bdeb7u1

purl pkg:deb/debian/libapache-mod-jk@1:1.2.37-1%2Bdeb7u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-be2x-k5w6-fybd

vulnerability	VCID-c8db-7qb9-ckan

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-syn7-dsre-9qg3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.37-1%252Bdeb7u1

url pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs%3Farch=el7

url pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.1.0-3.redhat_2.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.1.0-3.redhat_2.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.1.0-3.redhat_2.jbcs%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.1.0-3.redhat_2.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.1.0-3.redhat_2.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.1.0-3.redhat_2.jbcs%3Farch=el7

url pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs%3Farch=el7

url pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs%3Farch=el7

url pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs%3Farch=el7

url pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs%3Farch=el7

url pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs%3Farch=el7

url pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs%3Farch=el7

url pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.0.2n-14.jbcs?arch=el6

purl pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.0.2n-14.jbcs?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.0.2n-14.jbcs%3Farch=el6

url pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.0.2n-14.jbcs?arch=el7

purl pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.0.2n-14.jbcs?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qj8-vuec-h3fg

vulnerability	VCID-62uq-vyd8-mfbt

vulnerability	VCID-9nbn-wceh-rfd9

vulnerability	VCID-bp2p-twzt-wkap

vulnerability	VCID-bzpc-s4tb-1yhg

vulnerability	VCID-fnpy-4qyf-kfbb

vulnerability	VCID-hk7s-5xmv-1kca

vulnerability	VCID-k8cj-882g-sfac

vulnerability	VCID-ndjs-6nmc-9yg1

vulnerability	VCID-ny3v-m8gs-3bf2

vulnerability	VCID-pfpr-8td6-t7dc

vulnerability	VCID-tgwb-8x2b-abfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.0.2n-14.jbcs%3Farch=el7

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11759.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11759.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11759

reference_id

reference_type

scores

value	0.94184
scoring_system	epss
scoring_elements	0.99923
published_at	2026-06-05T12:55:00Z

value	0.94242
scoring_system	epss
scoring_elements	0.99932
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11759

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11759
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11759

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1645589
reference_id	1645589
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1645589

reference_url	https://access.redhat.com/errata/RHSA-2019:0366
reference_id	RHSA-2019:0366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0366

reference_url	https://access.redhat.com/errata/RHSA-2019:0367
reference_id	RHSA-2019:0367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0367

Weaknesses

cwe_id	22
name	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description	The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Exploits

Severity_range_score 7.5 - 7.5

Exploitability 2.0

Weighted_severity 6.8

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnpy-4qyf-kfbb

Vulnerability Instance