[question] Is JkMountFile vulnerable as well?

immunIT / CVE-2018-11759

Proof of concept showing how to exploit the CVE-2018-11759

41 stars 17 forks source link

[question] Is JkMountFile vulnerable as well? #3

Open brannondorsey opened 5 years ago

brannondorsey commented 5 years ago

Hi,

In your blog post, as well as this PoC, you indicate that JkMount directives are vulnerable to this ";" attack. Are directives included in a JkMountFile directive vulnerable as well?

Thanks!

brannondorsey commented 5 years ago

Additionally, is this vulnerability limited to JkMount directives inside of <Location> tags?

You also mention that using a glob character like /test* isn't vulnerable. Does this glob have to be a trailing glob, or could it be a leading glob like /*test to evade the vulnerability as well?