Lucene search

[email protected]NVD:CVE-2007-1860

HistoryMay 25, 2007 - 6:30 p.m.

CVE-2007-1860

2007-05-2518:30:00

CWE-22

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.973 High

EPSS

Percentile

99.9%

JSON

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded … (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

Affected configurations

NVD

Node

apachetomcat_jk_web_server_connectorRange≤1.2.22

References

docs.info.apple.com/article.html?artnum=306172

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

secunia.com/advisories/25383

secunia.com/advisories/25701

secunia.com/advisories/26235

secunia.com/advisories/26512

secunia.com/advisories/27037

secunia.com/advisories/29242

security.gentoo.org/glsa/glsa-200708-15.xml

tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1

tomcat.apache.org/security-jk.html

www.debian.org/security/2007/dsa-1312

www.osvdb.org/34877

www.redhat.com/support/errata/RHSA-2007-0379.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/bid/24147

www.securityfocus.com/bid/25159

www.securitytracker.com/id?1018138

www.vupen.com/english/advisories/2007/1941

www.vupen.com/english/advisories/2007/2732

www.vupen.com/english/advisories/2007/3386

exchange.xforce.ibmcloud.com/vulnerabilities/34496

lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.973 High

EPSS

Percentile

99.9%

JSON

Related for NVD:CVE-2007-1860