CVE-2007-1860

NONECVSS 0.0

0.0

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

🔗 References (68)

secalert@redhathttp://docs.info.apple.com/article.html?artnum=306172
secalert@redhathttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
secalert@redhathttp://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
secalert@redhathttp://secunia.com/advisories/25383
secalert@redhathttp://secunia.com/advisories/25701
secalert@redhathttp://secunia.com/advisories/26235
secalert@redhathttp://secunia.com/advisories/26512
secalert@redhathttp://secunia.com/advisories/27037
secalert@redhathttp://secunia.com/advisories/29242
secalert@redhathttp://security.gentoo.org/glsa/glsa-200708-15.xml
secalert@redhathttp://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1
secalert@redhathttp://tomcat.apache.org/security-jk.html
secalert@redhathttp://www.debian.org/security/2007/dsa-1312
secalert@redhathttp://www.osvdb.org/34877

Is Your Infrastructure Affected by CVE-2007-1860?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-1860

📅 Published

🔄 Last Modified

🔗 References (68)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-1860?