CVE - CVE-2007-1860

CVE-ID
CVE-2007-1860	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1018138 URL:http://www.securitytracker.com/id?1018138 MISC:24147 URL:http://www.securityfocus.com/bid/24147 MISC:25159 URL:http://www.securityfocus.com/bid/25159 MISC:25383 URL:http://secunia.com/advisories/25383 MISC:25701 URL:http://secunia.com/advisories/25701 MISC:26235 URL:http://secunia.com/advisories/26235 MISC:26512 URL:http://secunia.com/advisories/26512 MISC:27037 URL:http://secunia.com/advisories/27037 MISC:29242 URL:http://secunia.com/advisories/29242 MISC:34877 URL:~~http://www.osvdb.org/34877~~ (Obsolete source) MISC:ADV-2007-1941 URL:~~http://www.vupen.com/english/advisories/2007/1941~~ (Obsolete source) MISC:ADV-2007-2732 URL:~~http://www.vupen.com/english/advisories/2007/2732~~ (Obsolete source) MISC:ADV-2007-3386 URL:~~http://www.vupen.com/english/advisories/2007/3386~~ (Obsolete source) MISC:APPLE-SA-2007-07-31 URL:http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html MISC:DSA-1312 URL:http://www.debian.org/security/2007/dsa-1312 MISC:GLSA-200708-15 URL:http://security.gentoo.org/glsa/glsa-200708-15.xml MISC:HPSBUX02262 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 MISC:RHSA-2007:0379 URL:http://www.redhat.com/support/errata/RHSA-2007-0379.html MISC:RHSA-2008:0261 URL:http://www.redhat.com/support/errata/RHSA-2008-0261.html MISC:SSRT071447 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 MISC:SUSE-SR:2008:005 URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html MISC:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ URL:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ URL:https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ URL:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ URL:https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ URL:https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ URL:https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ URL:https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ URL:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/ URL:https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E MISC:http://docs.info.apple.com/article.html?artnum=306172 URL:http://docs.info.apple.com/article.html?artnum=306172 MISC:http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1 URL:http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1 MISC:http://tomcat.apache.org/security-jk.html URL:http://tomcat.apache.org/security-jk.html MISC:oval:org.mitre.oval:def:6002 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002 MISC:tomcat-jkconnector-security-bypass(34496) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34496
Assigning CNA
Red Hat, Inc.
Date Record Created
20070404	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070404)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)