5

CVE-2007-1860

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Jk Web Server Connector Version <= 1.2.22
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.92% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
Vendor Advisory
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/27037
Vendor Advisory
http://secunia.com/advisories/29242
Vendor Advisory
http://www.vupen.com/english/advisories/2007/3386
Vendor Advisory
http://tomcat.apache.org/security-jk.html
Patch
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
http://secunia.com/advisories/25383
Patch
Vendor Advisory
http://secunia.com/advisories/25701
Vendor Advisory
http://secunia.com/advisories/26512
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200708-15.xml
http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1
Patch
http://www.debian.org/security/2007/dsa-1312
http://www.osvdb.org/34877
http://www.redhat.com/support/errata/RHSA-2007-0379.html
Vendor Advisory
http://www.securityfocus.com/bid/24147
http://www.securitytracker.com/id?1018138
http://www.vupen.com/english/advisories/2007/1941
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002