Lucene search
RedHatRHSA-2007:0380HistoryMay 30, 2007 - 12:00 a.m.
(RHSA-2007:0380) Important: mod_jk security update
2007-05-3000:00:00
access.redhat.com
12
0.035 Low
EPSS
Percentile
91.6%
mod_jk is a Tomcat connector that can be used to communicate between Tomcat
and the Apache HTTP Server 2.
Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content (CVE-2007-1860).
Users of mod_jk should upgrade to these updated packages, which address
this issue by changing the default so mod_jk forwards the original
unchanged request URL to Tomcat.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | x86_64 | mod_jk-manual | < 1.2.20-1jpp_2rh | mod_jk-manual-1.2.20-1jpp_2rh.x86_64.rpm |
| RedHat | any | i386 | mod_jk-manual | < 1.2.20-1jpp_2rh | mod_jk-manual-1.2.20-1jpp_2rh.i386.rpm |
| RedHat | any | i386 | mod_jk-ap20 | < 1.2.20-1jpp_2rh | mod_jk-ap20-1.2.20-1jpp_2rh.i386.rpm |
| RedHat | any | ia64 | mod_jk-manual | < 1.2.20-1jpp_2rh | mod_jk-manual-1.2.20-1jpp_2rh.ia64.rpm |
| RedHat | any | ia64 | mod_jk-ap20 | < 1.2.20-1jpp_2rh | mod_jk-ap20-1.2.20-1jpp_2rh.ia64.rpm |
| RedHat | any | ppc | mod_jk-ap20 | < 1.2.20-1jpp_2rh | mod_jk-ap20-1.2.20-1jpp_2rh.ppc.rpm |
| RedHat | any | x86_64 | mod_jk-ap20 | < 1.2.20-1jpp_2rh | mod_jk-ap20-1.2.20-1jpp_2rh.x86_64.rpm |
| RedHat | any | ppc | mod_jk-manual | < 1.2.20-1jpp_2rh | mod_jk-manual-1.2.20-1jpp_2rh.ppc.rpm |
Related
openvas
openvas
FreeBSD Ports: mod_jk
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200708-15 (mod_jk)
2008-09-24 00:00:00
FreeBSD Ports: mod_jk
2008-09-04 00:00:00
debian
debian
freebsd
freebsd
mod_jk -- information disclosure
2007-05-18 00:00:00
redhat
redhat
(RHSA-2007:0379) Important: mod_jk security update
2007-05-30 00:00:00
(RHSA-2008:0524) Low: Red Hat Network Satellite Server security update
2008-06-30 00:00:00
(RHSA-2008:0261) Moderate: Red Hat Network Satellite Server security update
2008-05-20 00:00:00
nessus
nessus
Debian DSA-1312-1 : libapache-mod-jk - programming error
2007-06-21 00:00:00
GLSA-200708-15 : Apache mod_jk: Directory traversal
2007-08-21 00:00:00
gentoo
gentoo
Apache mod_jk: Directory traversal
2007-08-19 00:00:00
nvd
nvd
CVE-2007-1860
2007-05-25 18:30:00
ubuntucve
ubuntucve
CVE-2007-1860
2007-05-25 00:00:00
cve
cve
CVE-2007-1860
2007-05-25 18:30:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.22, 5.0.SVN
2007-01-23 00:00:00
Fixed in Apache Tomcat JK Connector 1.2.23
2007-01-23 00:00:00
Fixed in Apache Tomcat 4.1.36
2005-06-30 00:00:00
debiancve
debiancve
CVE-2007-1860
2007-05-25 18:30:00
prion
prion
Directory traversal
2007-05-25 18:30:00
cvelist
cvelist
CVE-2007-1860
2007-05-25 18:00:00
securityvulns
securityvulns
Apache Tomcat directory traversal
2007-03-14 00:00:00
seebug
seebug
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00