
CVE-2007-0450

Published: 16/03/2007 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x prior to 5.5.22 and 6.x prior to 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote malicious users to read arbitrary files via a .. (dot dot) sequence combined with (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid path separators in Tomcat but not in Apache. The mismatch matters because the front-end restricts what it forwards (for example, only one context such as /app/) using its own idea of where path segments end: a request like /app/..%5C..%5Cother/file looks to Apache like a single segment below /app/ and passes the restriction, while Tomcat decodes %5C to "\", folds it into "/", resolves the ".." segments and serves /other/file from a context the proxy never intended to expose. The fix shipped on the Tomcat side: 5.5.22 and 6.0.10 stop treating "\", %5C and %2F as path separators by default (re-enabling them requires the org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH and org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH system properties), so upgrading Tomcat closes the issue regardless of which proxy module is in front of it.
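To make the separator mismatch concrete, here is a small added example (not code from the advisory, NVD, Apache or Tomcat) that models both hops over a hypothetical deployment in which Apache forwards only the /app/ context to Tomcat: a front-end normalizer that treats only "/" as a separator, a pre-fix Tomcat normalizer that also accepts "\", %5C and %2F, and a classifier that reports when the same request passes the proxy restriction yet resolves outside it. It also runs a detection regex over constructed access-log lines. The /app/ prefix, the /other/secret.txt target, the sample log lines, and the 400-style rejection modelled for patched Tomcat are all assumptions for illustration.

```python
"""Model of the path-separator mismatch behind CVE-2007-0450.

Added example, not code from the advisory or from Apache/Tomcat. Two tiny
normalizers stand in for the two hops:

  front_normalize()  - Apache-style: only '/' separates path segments, and an
                       encoded slash (%2F) is rejected outright, as it is with
                       AllowEncodedSlashes Off (the default).
  tomcat_normalize() - pre-fix Tomcat (5.5.x < 5.5.22, 6.0.x < 6.0.10): '\\',
                       '%5C' and '%2F' are all accepted as separators before
                       '..' is resolved. With patched=True the request is
                       rejected instead (modelled as None), which is the
                       default behaviour of the fixed versions.

The proxy forwards only paths under PROXIED_PREFIX. A "bypass" is a request the
front hop believes stays under the prefix while Tomcat resolves it outside.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Assumed deployment (hypothetical): Apache proxies only the /app/ context to Tomcat.
PROXIED_PREFIX = "/app/"


def _resolve(segments: List[str]) -> str:
    """Resolve '.' and '..' over path segments, never climbing above the root."""
    out: List[str] = []
    for seg in segments:
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)


def front_normalize(path: str) -> Optional[str]:
    """Apache-style view of the request path. None means Apache rejects it."""
    if "%2f" in path.lower():
        return None                       # encoded slash -> 404 with AllowEncodedSlashes Off
    decoded = unquote(path)               # '%5C' becomes '\', which is NOT a separator here
    return _resolve(decoded.split("/"))


def tomcat_normalize(path: str, patched: bool = False) -> Optional[str]:
    """Tomcat-style view of the same path. None means Tomcat refuses the request."""
    if patched and re.search(r"\\|%5c|%2f", path, re.IGNORECASE):
        return None                       # fixed versions reject '\', %5C and %2F by default
    decoded = unquote(path)               # '%5C' -> '\', '%2F' -> '/'
    decoded = decoded.replace("\\", "/")  # pre-fix Tomcat folds '\' into '/'
    return _resolve(decoded.split("/"))


def classify(path: str, patched: bool = False) -> Tuple[Optional[str], Optional[str], bool]:
    """Return (front view, Tomcat view, bypass?) for one request path."""
    front = front_normalize(path)
    if front is None or not front.startswith(PROXIED_PREFIX):
        return front, None, False         # the proxy rule never forwards it
    backend = tomcat_normalize(path, patched=patched)
    bypass = backend is not None and not backend.startswith(PROXIED_PREFIX)
    return front, backend, bypass


# Detection: a '..' segment followed by one of the separator forms the advisory
# names. Plain '../' is left out on purpose: the front hop resolves it itself.
TRAVERSAL_RE = re.compile(r"\.\.(?:%5c|\\|%2f)", re.IGNORECASE)
_LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+) [^"]*"')


def suspicious_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client, request target) for combined-format lines carrying the pattern."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if m and TRAVERSAL_RE.search(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


# Constructed sample access-log lines, not taken from any real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Mar/2007:10:00:01 +0000] "GET /app/index.jsp HTTP/1.1" 200 512 "-" "curl"',
    '10.0.0.9 - - [16/Mar/2007:10:00:02 +0000] "GET /app/..%5C..%5Cother/secret.txt HTTP/1.1" 200 77 "-" "curl"',
    '10.0.0.9 - - [16/Mar/2007:10:00:03 +0000] "GET /app/..\\..\\other/secret.txt HTTP/1.1" 200 77 "-" "curl"',
    '10.0.0.7 - - [16/Mar/2007:10:00:04 +0000] "GET /app/../other/secret.txt HTTP/1.1" 404 0 "-" "curl"',
]

if __name__ == "__main__":
    probes = ["/app/index.jsp", "/app/../other/secret.txt",
              "/app/..%5C..%5Cother/secret.txt", "/app/..\\..\\other/secret.txt",
              "/app/..%2F..%2Fother/secret.txt"]
    for p in probes:
        for patched in (False, True):
            print(f"{p!r:45} {'patched' if patched else 'vulnerable':10} {classify(p, patched)}")
    print(suspicious_requests(SAMPLE_LOG))
```

The interesting rows are the %5C and raw-backslash probes: the front view stays under /app/ (the whole "..\..\other" run is one segment to Apache), the Tomcat view collapses to /other/secret.txt, and the bypass flag flips only when `patched` is False. The %2F probe never reaches Tomcat in this model because Apache's default already refuses encoded slashes, which is why the advisory's backslash variants are the ones that matter behind mod_proxy and mod_jk.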

Vulnerable Products

apache tomcat
apache http server

Exploits

Source: www.securityfocus.com/bid/22960/info. Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data. Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive inf ...
SEC Consult Security Advisory 20070314-0: If the Apache HTTP Server and Tomcat are configured to interoperate with the common proxy modules (mod_proxy, mod_rewrite, mod_jk), an attacker might be able to break out of the intended destination path up to the webroot in Tomcat ...

Github Repositories

Repository: project cybersecurity report on Capstone Red vs Blue

Capstone Red vs Blue CySec Report. Author: Min Young Lee. Preface: This is a cybersecurity project report on a network vulnerability. There are two parts of this project: the attacker (Red Team) and the victim (Blue Team). The Red Team is tasked with identifying vulnerabilities in the network and exploiting the found vulnerabilities. The Blue Team is tasked with detecting malic ...

References

CWE-22
http://www.securityfocus.com/bid/22960
http://www.sec-consult.com/287.html
http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt
http://www.novell.com/linux/security/advisories/2007_5_sr.html
http://secunia.com/advisories/24732
http://security.gentoo.org/glsa/glsa-200705-03.xml
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://secunia.com/advisories/25106
http://www.redhat.com/support/errata/RHSA-2007-0327.html
http://secunia.com/advisories/25280
http://docs.info.apple.com/article.html?artnum=306172
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://www.redhat.com/support/errata/RHSA-2007-0360.html
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.securityfocus.com/bid/25159
http://secunia.com/advisories/26235
http://secunia.com/advisories/26660
http://secunia.com/advisories/27037
http://securityreason.com/securityalert/2446
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://lists.vmware.com/pipermail/security-announce/2008/000003.html
http://secunia.com/advisories/28365
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://secunia.com/advisories/30908
http://secunia.com/advisories/30899
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://secunia.com/advisories/33668
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://www.vupen.com/english/advisories/2009/0233
http://www.vupen.com/english/advisories/2007/0975
http://www.vupen.com/english/advisories/2007/3087
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2008/0065
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
https://exchange.xforce.ibmcloud.com/vulnerabilities/32988
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/485938/100/0/threaded
http://www.securityfocus.com/archive/1/462791/100/0/threaded
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov
https://github.com/ActualSalt/Capstone-Red-vs-Blue-CySec-Report
https://www.exploit-db.com/exploits/29739/