vul_other:apache_tomcat_jk_connector_auth_bypass_vul（Rule ID：1070310165）

Release Date：2025/9/15

Rule Name：CVE-2018-11759: Apache Tomcat JK Connector Authentication Bypass Vulnerability

Severity：critical

CVE ID：CVE-2018-11759

Apache Tomcat JK (MOD_JK) Connector is a Module for Apache Software Foundation for Apache or IIS, which supports cluster and load balancing. Apache Tomcat JK (MOD_JK) Connector 1.2.0 version of the directory traversal vulnerability in version 1.2.44. An attacker can use this vulnerability to cause information disclosure. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference：None

Update vendor patches.