N/A

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.

N/A

N/A

Apache Tomcat JK ISAPI Connector 安全漏洞

Apache Tomcat JK ISAPI Connector是美国阿帕奇（Apache）软件基金会的一款为Apache或IIS提供连接后台Tomcat的模块，它支持集群和负载均衡等。 Apache Tomcat JK ISAPI Connector 1.2.0版本至1.2.42版本中存在安全漏洞，该漏洞源于IIS/ISAPI特定代码没有正确处理某些意外情况。攻击者可借助反向代理利用该漏洞访问应用程序。

N/A

N/A