Apache Tomcat JK Connect <=1.2.44 - Manager Access (CVE-2018-11759)

Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

Apache Tomcat JK（mod_jk）连接器1.2.0至1.2.44版本允许通过反向代理暴露应用程序功能。在某些配置下，精心构造的请求还可绕过httpd中配置的访问控制。尽管此问题与CVE-2018-1323存在一定程度的重叠，但它们并非完全相同。