WID-SEC-W-2023-2984

Affected Products

Exploit Intelligence

• Proof of concept showing how to exploit the CVE-2018-11759 (github-poc-repo)
• This exploit for CVE 2018-11759, vulnerability in apache mod_jk, module for load-balancer (github-poc-repo)
• 一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblo... (github-poc-repo)
• julioliraup/Identificador-CVE-2018-11759 (github-poc-repo)
• julioliraup/Identificador-CVE-2018-11759 (github-poc)
• This exploit for CVE 2018-11759, vulnerability in apache mod_jk, module for load-balancer (github-poc)
• Proof of concept showing how to exploit the CVE-2018-11759 (github-poc)
• https://www.suse.com/support/update/announcement/2018/suse-su-20183969-1.html (circl)
• https://access.redhat.com/errata/RHSA-2019:0367 (circl)
• https://access.redhat.com/errata/RHSA-2019:0366 (circl)

…and 10 more exploits

Timeline

• Oct 31, 2018 CVE Published
• Nov 21, 2023 CVE Updated
• Apr 30, 2026 Distribution Patch
• Apr 30, 2026 Distribution Patch
• Apr 30, 2026 Distribution Patch

References

• https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2023-2984.json advisory
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2984 advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-November/017156.html url
• http://tomcat.apache.org/security-jk.html url
• https://www.suse.com/support/update/announcement/2018/suse-su-20183963-1.html url
• https://www.suse.com/support/update/announcement/2018/suse-su-20183969-1.html url
• https://www.suse.com/support/update/announcement/2018/suse-su-20183970-1.html url
• https://www.debian.org/security/2018/dsa-4357 url
• https://access.redhat.com/errata/RHSA-2019:0367 url
• https://access.redhat.com/errata/RHSA-2019:0366 url
• https://www.suse.com/support/update/announcement/2019/suse-su-20183963-2.html url