CVE-2007-1860

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
References
Link Resource
http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1 Patch
http://tomcat.apache.org/security-jk.html Patch
http://secunia.com/advisories/25383 Patch Vendor Advisory
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://www.debian.org/security/2007/dsa-1312
http://security.gentoo.org/glsa/glsa-200708-15.xml
http://www.redhat.com/support/errata/RHSA-2007-0379.html Vendor Advisory
http://www.securityfocus.com/bid/24147
http://www.securityfocus.com/bid/25159
http://www.osvdb.org/34877
http://www.securitytracker.com/id?1018138
http://secunia.com/advisories/25701 Vendor Advisory
http://secunia.com/advisories/26235 Vendor Advisory
http://secunia.com/advisories/26512 Vendor Advisory
http://secunia.com/advisories/27037 Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29242 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://www.vupen.com/english/advisories/2007/2732 Vendor Advisory
http://www.vupen.com/english/advisories/2007/1941 Vendor Advisory
http://www.vupen.com/english/advisories/2007/3386 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
Configurations

Configuration 1

cpe:2.3:a:apache:tomcat_jk_web_server_connector:*:*:*:*:*:*:*:*

Information

Published : 2007-05-25 06:30

Updated : 2023-02-13 02:17


NVD link : CVE-2007-1860

Mitre link : CVE-2007-1860

Products Affected
No products.
CWE