{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75298?format=json","vulnerability_id":"VCID-fnpy-4qyf-kfbb","summary":"The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.","aliases":[{"alias":"CVE-2018-11759"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515696?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/101076?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.46-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.46-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/554771?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.46-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.46-1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/101064?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.48-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101062?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.48-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.48-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101065?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.50-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.50-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/207628?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.5-2sarge1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"},{"vulnerability":"VCID-cjfj-4js9-tyf2"},{"vulnerability":"VCID-f5mx-3ftb-ykhz"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-syn7-dsre-9qg3"},{"vulnerability":"VCID-wcfh-wsfa-3ufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.5-2sarge1"},{"url":"http://public2.vulnerablecode.io/api/packages/207629?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.18-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"},{"vulnerability":"VCID-cjfj-4js9-tyf2"},{"vulnerability":"VCID-f5mx-3ftb-ykhz"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-syn7-dsre-9qg3"},{"vulnerability":"VCID-wcfh-wsfa-3ufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.18-3"},{"url":"http://public2.vulnerablecode.io/api/packages/207630?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.18-3etch2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"},{"vulnerability":"VCID-cjfj-4js9-tyf2"},{"vulnerability":"VCID-f5mx-3ftb-ykhz"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-syn7-dsre-9qg3"},{"vulnerability":"VCID-wcfh-wsfa-3ufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.18-3etch2"},{"url":"http://public2.vulnerablecode.io/api/packages/207631?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.26-2%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"},{"vulnerability":"VCID-cjfj-4js9-tyf2"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-syn7-dsre-9qg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.26-2%252Blenny1"},{"url":"http://public2.vulnerablecode.io/api/packages/207632?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-syn7-dsre-9qg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze1"},{"url":"http://public2.vulnerablecode.io/api/packages/207633?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-syn7-dsre-9qg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.30-1squeeze2"},{"url":"http://public2.vulnerablecode.io/api/packages/207634?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.37-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-syn7-dsre-9qg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.37-1%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/514930?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.37-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-syn7-dsre-9qg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.37-4"},{"url":"http://public2.vulnerablecode.io/api/packages/514931?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.37-4%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-syn7-dsre-9qg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.37-4%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/515696?format=json","purl":"pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-be2x-k5w6-fybd"},{"vulnerability":"VCID-c8db-7qb9-ckan"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache-mod-jk@1:1.2.46-0%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/146440?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/146441?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/146435?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.1.0-3.redhat_2.jbcs?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.1.0-3.redhat_2.jbcs%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/146437?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.1.0-3.redhat_2.jbcs?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1:1.1.0-3.redhat_2.jbcs%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/146443?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/146447?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/146449?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/146450?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/146457?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/146458?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/146444?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/146446?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/146436?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/146438?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/146452?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/146454?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/146453?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.0.2n-14.jbcs?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.0.2n-14.jbcs%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/146456?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.0.2n-14.jbcs?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qj8-vuec-h3fg"},{"vulnerability":"VCID-62uq-vyd8-mfbt"},{"vulnerability":"VCID-9nbn-wceh-rfd9"},{"vulnerability":"VCID-bp2p-twzt-wkap"},{"vulnerability":"VCID-bzpc-s4tb-1yhg"},{"vulnerability":"VCID-fnpy-4qyf-kfbb"},{"vulnerability":"VCID-hk7s-5xmv-1kca"},{"vulnerability":"VCID-k8cj-882g-sfac"},{"vulnerability":"VCID-ndjs-6nmc-9yg1"},{"vulnerability":"VCID-ny3v-m8gs-3bf2"},{"vulnerability":"VCID-pfpr-8td6-t7dc"},{"vulnerability":"VCID-tgwb-8x2b-abfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.0.2n-14.jbcs%3Farch=el7"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11759.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11759.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11759","reference_id":"","reference_type":"","scores":[{"value":"0.94184","scoring_system":"epss","scoring_elements":"0.99923","published_at":"2026-06-05T12:55:00Z"},{"value":"0.94184","scoring_system":"epss","scoring_elements":"0.99922","published_at":"2026-06-06T12:55:00Z"},{"value":"0.94242","scoring_system":"epss","scoring_elements":"0.99932","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11759"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1645589","reference_id":"1645589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1645589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"}],"weaknesses":[{"cwe_id":22,"name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","description":"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."}],"exploits":[],"severity_range_score":"7.5 - 7.5","exploitability":"2.0","weighted_severity":"6.8","risk_score":10.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnpy-4qyf-kfbb"}