Lucene search
Ubuntu.comUB:CVE-2007-1860HistoryMay 25, 2007 - 12:00 a.m.
CVE-2007-1860
2007-05-2500:00:00
ubuntu.com
ubuntu.com
14
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.974
Percentile
99.9%
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes
request URLs within the Apache HTTP Server before passing the URL to
Tomcat, which allows remote attackers to access protected pages via a
crafted prefix JkMount, possibly involving double-encoded … (dot dot)
sequences and directory traversal, a related issue to CVE-2007-0450.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | LP bug has debdiffs |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 6.06 | noarch | libapache-mod-jk | < 1:1.2.14.1-2ubuntu1.1 | UNKNOWN |
| ubuntu | 7.10 | noarch | libapache-mod-jk | < 1.2.23-3 | UNKNOWN |
| ubuntu | 8.04 | noarch | libapache-mod-jk | < 1.2.23-3 | UNKNOWN |
| ubuntu | 8.10 | noarch | libapache-mod-jk | < 1.2.23-3 | UNKNOWN |
Related
debiancve
debiancve
CVE-2007-1860
2007-05-25 18:30:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.22, 5.0.SVN
2007-01-23 00:00:00
Fixed in Apache Tomcat JK Connector 1.2.23
2007-01-23 00:00:00
Fixed in Apache Tomcat 4.1.36
2005-06-30 00:00:00
cve
cve
CVE-2007-1860
2007-05-25 18:30:00
CVE-2007-0450
2007-03-16 22:19:00
nvd
nvd
CVE-2007-1860
2007-05-25 18:30:00
CVE-2007-0450
2007-03-16 22:19:00
prion
prion
Directory traversal
2007-05-25 18:30:00
Directory traversal
2007-03-16 22:19:00
cvelist
cvelist
CVE-2007-1860
2007-05-25 18:00:00
CVE-2007-0450
2007-03-16 22:00:00
securityvulns
securityvulns
Apache Tomcat directory traversal
2007-03-14 00:00:00
SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal
2007-03-14 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200708-15 (mod_jk)
2008-09-24 00:00:00
FreeBSD Ports: mod_jk
2008-09-04 00:00:00
Debian: Security Advisory (DSA-1312-1)
2008-01-17 00:00:00
debian
debian
gentoo
gentoo
Apache mod_jk: Directory traversal
2007-08-19 00:00:00
Tomcat: Information disclosure
2007-05-01 00:00:00
nessus
nessus
GLSA-200708-15 : Apache mod_jk: Directory traversal
2007-08-21 00:00:00
FreeBSD : mod_jk -- information disclosure (d9405748-1342-11dc-a35c-001485ab073e)
2007-06-05 00:00:00
Debian DSA-1312-1 : libapache-mod-jk - programming error
2007-06-21 00:00:00
redhat
redhat
(RHSA-2007:0380) Important: mod_jk security update
2007-05-30 00:00:00
(RHSA-2007:0379) Important: mod_jk security update
2007-05-30 00:00:00
(RHSA-2007:0360) Important: jbossas security update
2007-05-24 00:00:00
freebsd
freebsd
mod_jk -- information disclosure
2007-05-18 00:00:00
tomcat -- multiple vulnerabilities
2007-04-27 00:00:00
github
github
Apache Tomcat Directory Traversal
2022-05-01 17:44:16
ubuntucve
ubuntucve
CVE-2007-0450
2007-03-16 00:00:00
veracode
veracode
Directory Traversal
2018-11-13 06:27:26
packetstorm
packetstorm
SA-20070314-0.txt
2007-03-20 00:00:00
exploitdb
exploitdb
Apache Tomcat 5.x/6.0.x - Directory Traversal
2007-03-14 00:00:00
osv
osv
Apache Tomcat Directory Traversal
2022-05-01 17:44:16
hackerone
hackerone
checkpoint_advisories
checkpoint_advisories
Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)
2009-11-01 00:00:00
vmware
vmware
centos
centos
jakarta, tomcat5 security update
2007-05-14 22:49:09
oraclelinux
oraclelinux
Important: tomcat security update
2007-06-26 00:00:00
seebug
seebug
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.974
Percentile
99.9%
Related for UB:CVE-2007-1860