Home > Vulnerability Database > CVE-2007-1860

Mend.io Vulnerability Database

CVE-2007-1860

Date: May 25, 2007

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

Severity Score

5.3

Related Resources (37)

Url: http://secunia.com/advisories/29242

Url: http://docs.info.apple.com/article.html?artnum=306172

Url: http://secunia.com/advisories/25383

Url: https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/34496

Url: https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E

Url: http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

Url: http://www.vupen.com/english/advisories/2007/3386

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002

Url: http://secunia.com/advisories/27037

Url: https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E

Url: http://www.redhat.com/support/errata/RHSA-2007-0379.html

Url: https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Url: http://www.securityfocus.com/bid/25159

Url: http://www.securityfocus.com/bid/24147

Url: http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Url: http://tomcat.apache.org/security-jk.html

Url: https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E

Url: http://www.debian.org/security/2007/dsa-1312

Url: https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E

Url: http://www.securitytracker.com/id?1018138

Url: http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-1860

Url: https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E

Url: http://www.vupen.com/english/advisories/2007/2732

Url: http://www.osvdb.org/34877

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

Url: http://secunia.com/advisories/25701

Url: http://www.vupen.com/english/advisories/2007/1941

Url: https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-1860

Url: http://security.gentoo.org/glsa/glsa-200708-15.xml

Url: http://secunia.com/advisories/26512

Url: http://www.redhat.com/support/errata/RHSA-2008-0261.html

Url: http://secunia.com/advisories/26235

Url: https://www.mend.io/vulnerability-database/CVE-2007-1860

Severity Score

5.3

Weakness Type (CWE)

Path Traversal

CWE-22

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-1860

Date: May 25, 2007

Severity Score

Related Resources (37)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?