CVE-2007-1860

CVSS V2: Medium (5.0) | CVSS V3: None
Description
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
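The following Python model, added here as an illustration and not taken from mod_jk or Tomcat source, shows the decode/normalize mismatch the description refers to: httpd decodes the request-URI once and collapses literal `..` segments before the JkMount prefix check, but a double-encoded `%252e%252e` survives that pass, and when the decoded string is forwarded Tomcat decodes it a second time and resolves it into a context that was never mounted. The JkMount prefix (`/public`), the unmounted `/admin` context and the request URIs are constructed for the example. The hardened variant models two generic mitigations (running the mount check on the fully decoded, normalized path, and forwarding the raw request-URI so that only Tomcat decodes it); it is not a description of what the 1.2.23 patch itself changed.

```python
# Added example for CVE-2007-1860: a model of the httpd/mod_jk/Tomcat decode
# mismatch. Illustrative code written for this page, not mod_jk or Tomcat source.
# The mount prefix, Tomcat contexts and sample URIs below are constructed.
import posixpath
from urllib.parse import unquote

JKMOUNT_PREFIXES = ["/public"]           # constructed: JkMount /public/* worker1
TOMCAT_CONTEXTS = ["/public", "/admin"]  # constructed: /admin is deliberately not mounted


def prefix_match(path, prefixes):
    """Longest prefix that covers `path` on a whole-segment boundary, or None."""
    for p in sorted(prefixes, key=len, reverse=True):
        if path == p or path.startswith(p + "/"):
            return p
    return None


def httpd_decode(uri):
    """httpd decodes the request-URI once and collapses literal '.' / '..' segments."""
    return posixpath.normpath(unquote(uri))


def tomcat_resolve(forwarded_uri):
    """Tomcat decodes what it receives exactly once, normalizes, and maps it to a context."""
    path = posixpath.normpath(unquote(forwarded_uri))
    return prefix_match(path, TOMCAT_CONTEXTS), path


def vulnerable_dispatch(raw_uri):
    """mod_jk before 1.2.23 as the advisory describes it: the JkMount check runs on
    httpd's decoded path, and that decoded path is what is forwarded, so the
    request ends up decoded twice."""
    decoded = httpd_decode(raw_uri)
    if prefix_match(decoded, JKMOUNT_PREFIXES) is None:
        return "httpd 404: not mounted"
    ctx, path = tomcat_resolve(decoded)  # second decode happens here
    return f"tomcat {ctx}: {path}"


def fully_decode(uri, limit=8):
    """Decode until the string stops changing (bounded) so nested encodings cannot hide '..'."""
    for _ in range(limit):
        nxt = unquote(uri)
        if nxt == uri:
            return uri
        uri = nxt
    return uri


def hardened_dispatch(raw_uri):
    """Generic mitigations modeled here (not a claim about the 1.2.23 patch): the mount
    check runs on the fully decoded, normalized path, and the raw request-URI is
    forwarded unchanged so Tomcat is the only component that decodes it."""
    canonical = posixpath.normpath(fully_decode(raw_uri))
    if prefix_match(canonical, JKMOUNT_PREFIXES) is None:
        return "httpd 404: escapes mount after full decode"
    ctx, path = tomcat_resolve(raw_uri)
    return f"tomcat {ctx}: {path}"


def changes_on_redecode(raw_uri):
    """True when a second decode pass changes the normalized path: the signature of a
    double-encoded request worth flagging when scanning httpd access logs."""
    return posixpath.normpath(fully_decode(raw_uri)) != httpd_decode(raw_uri)


if __name__ == "__main__":
    samples = [  # constructed request-URIs
        "/public/index.jsp",            # benign
        "/public/../admin/",            # plain traversal: httpd collapses it, not mounted
        "/public/%2e%2e/admin/",        # single-encoded: httpd decodes and collapses it
        "/public/%252e%252e/admin/",    # double-encoded: passes httpd, Tomcat resolves /admin
    ]
    for uri in samples:
        print(f"{uri:32} vulnerable -> {vulnerable_dispatch(uri)}")
        print(f"{'':32} hardened   -> {hardened_dispatch(uri)}"
              f"   redecode-changes={changes_on_redecode(uri)}")
```

Running the block prints one pair of lines per constructed URI; only the double-encoded request reaches the `/admin` context through the vulnerable path, and `changes_on_redecode` is the check to apply to the raw request line recorded in httpd access logs when hunting for attempts against prefix JkMounts.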
Overview
  • CVE ID: CVE-2007-1860
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Modified
  • Published Date: 2007-05-25T18:30:00
  • Last Modified Date: 2023-02-13T02:17:35
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End
cpe:2.3:a:apache:tomcat_jk_web_server_connector:*:*:*:*:*:*:*:* | Yes (1) | OR | (none) | 1.2.22
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Base Score: 5.0
  • Severity: MEDIUM
  • Exploitability Score: 10.0
  • Impact Score: 2.9
References
Reference URL | Tags
http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1 Patch
http://tomcat.apache.org/security-jk.html Patch
http://secunia.com/advisories/25383 Patch Vendor Advisory
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://www.debian.org/security/2007/dsa-1312
http://security.gentoo.org/glsa/glsa-200708-15.xml
http://www.redhat.com/support/errata/RHSA-2007-0379.html Vendor Advisory
http://www.securityfocus.com/bid/24147
http://www.securityfocus.com/bid/25159
http://www.osvdb.org/34877
http://www.securitytracker.com/id?1018138
http://secunia.com/advisories/25701 Vendor Advisory
http://secunia.com/advisories/26235 Vendor Advisory
http://secunia.com/advisories/26512 Vendor Advisory
http://secunia.com/advisories/27037 Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29242 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://www.vupen.com/english/advisories/2007/2732 Vendor Advisory
http://www.vupen.com/english/advisories/2007/1941 Vendor Advisory
http://www.vupen.com/english/advisories/2007/3386 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
History
Created | Old Value | New Value | Data Type | Notes
2022-05-10 17:43:55 | | | | Added to TrackCVE
2023-02-13 03:01:57 | | 2023-02-13T02:17:35 | CVE Modified Date | updated