CVE-2007-1860

Published: 25/05/2007 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x prior to 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted URL under a prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal. Because the URL is decoded once by the HTTP Server and then again by Tomcat, a sequence such as %252e%252e survives the front end's access checks as %2e%2e and only becomes .. on the back end. This is a related issue to CVE-2007-0450.
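The following is an added simulation of the double-decoding bypass described above; it is illustration code written for this page, not mod_jk or Tomcat source. It models a front end (httpd plus mod_jk) that percent-decodes the request URI once and enforces its own access control on that decoded path, and a back end (Tomcat) that decodes the URI it receives and then normalises dot segments. The JkMount prefix `/app/*`, the `<Location /app/admin>` deny rule, the log lines and the helper names are all assumed for the example. `vulnerable_request` forwards the once-decoded URI (the pre-1.2.23 behaviour); `fixed_request` forwards the original URI untouched so that it is decoded exactly once, which is the behaviour the fixed connector is described as having. A small detection helper flags access-log entries whose path only turns into a traversal after a second decode.

```python
"""Simulation of the CVE-2007-1860 double-decoding bypass.

Added illustration, not mod_jk or Tomcat code. The mount, the deny rule and
the log lines below are assumed configuration and constructed data.
"""
import posixpath
import re
from urllib.parse import unquote

JK_MOUNTS = ["/app/*"]          # assumed: JkMount /app/* ajp13
HTTPD_DENIED = ["/app/admin"]   # assumed: <Location /app/admin> Deny from all


def _matches_mount(path: str) -> bool:
    """Prefix match in the style of a JkMount /prefix/* entry."""
    for mount in JK_MOUNTS:
        if mount.endswith("*"):
            if path.startswith(mount[:-1]):
                return True
        elif path == mount:
            return True
    return False


def _httpd_allows(path: str) -> bool:
    """Front-end access control, evaluated on the path httpd sees."""
    return not any(path == d or path.startswith(d + "/") for d in HTTPD_DENIED)


def _normalise(uri: str) -> str:
    """Percent-decode once, then collapse literal '.' and '..' segments."""
    return posixpath.normpath(unquote(uri))


def front_end(raw_uri: str):
    """httpd side: decode once, apply access control, decide whether to forward."""
    decoded = _normalise(raw_uri)
    if not _httpd_allows(decoded):
        return "403", None
    if not _matches_mount(decoded):
        return "local", decoded
    return "forward", decoded


def vulnerable_request(raw_uri: str) -> str:
    """mod_jk < 1.2.23 model: forward the already-decoded URI; Tomcat decodes it again."""
    status, decoded = front_end(raw_uri)
    if status != "forward":
        return status
    return "tomcat:" + _normalise(decoded)


def fixed_request(raw_uri: str) -> str:
    """Fixed model: forward the original URI untouched, so it is decoded exactly once."""
    status, _ = front_end(raw_uri)
    if status != "forward":
        return status
    return "tomcat:" + _normalise(raw_uri)


def double_decode_reveals_traversal(raw_uri: str) -> bool:
    """True when a second decode exposes a '..' segment the first decode did not."""
    once = unquote(raw_uri)
    twice = unquote(once)
    return twice != once and ".." in twice.split("/")


# Constructed httpd access-log lines for the detection helper (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [25/May/2007:10:00:00 +0000] "GET /app/public/index.jsp HTTP/1.1" 200 512',
    '10.0.0.9 - - [25/May/2007:10:00:01 +0000] "GET /app/public/%252e%252e/admin/ HTTP/1.1" 200 2048',
    '10.0.0.9 - - [25/May/2007:10:00:02 +0000] "GET /app/public/../admin/ HTTP/1.1" 403 210',
]
_REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def suspicious_lines(lines):
    """Return log lines whose request path only becomes a traversal after a second decode."""
    hits = []
    for line in lines:
        m = _REQ.search(line)
        if m and double_decode_reveals_traversal(m.group(1)):
            hits.append(line)
    return hits


if __name__ == "__main__":
    probe = "/app/public/%252e%252e/admin/"
    print("vulnerable:", vulnerable_request(probe))   # reaches /app/admin on Tomcat
    print("fixed:     ", fixed_request(probe))        # stays a literal %2e%2e path
    for hit in suspicious_lines(SAMPLE_LOG):
        print("suspicious:", hit)
```

Note that a single-encoded traversal (`/app/public/%2e%2e/admin/`) is caught by the front end in both models, because httpd's own decode turns it into `..` before the deny rule is evaluated; only the double-encoded form slips past. The real remedy is the connector upgrade listed in the references, and the log check is a cheap way to find past probes in httpd access logs.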

Vulnerable Products

apache tomcat jk web server connector

Vendor Advisories

Debian Bug report logs - #425836 [CVE-2007-1860] A double encoded ".." in a URL can be used to access URLs on the AJP backend. Package: libapache2-mod-jk; Maintainer for libapache2-mod-jk is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libapache2-mod-jk is src:libapache-mod-jk (PTS, buildd, popco ...
It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure. For the oldstable distribution (sarge) this problem has been fixed in version 1.2.5-2sarge1. An updated package for powerpc is not yet available due to problems with the build host. It wil ...

Github Repositories

This is my first web app

Apache Tomcat auto WAR deployment & pwning penetration testing tool.

tomcatWarDeployer Apache Tomcat auto WAR deployment & pwning penetration testing tool What is it? This is a penetration testing tool intended to leverage Apache Tomcat credentials in order to automatically generate and deploy a JSP backdoor, as well as invoke it afterwards and provide a nice shell (either via web GUI, a listening port bound on the remote machine or as a reverse

A Security Engineer's Learning Path

Building an enterprise (in-house) security program. Code audit: building an in-house security center: code audit system; an automated code audit platform based on Fortify. Penetration: building an in-house security center: penetration testing system. Vulnerability notes: penetration testing - vulnerability list; business logic - high-concurrency (race condition) vulnerabilities; interesting brute-force vulnerabilities; a different kind of SQL injection. Security training: security training platform - Yin Yang. Honeypots: open-source honeypot evaluation report; honeypot capture ...

References

CWE-22
http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1
http://tomcat.apache.org/security-jk.html
http://secunia.com/advisories/25383
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://www.debian.org/security/2007/dsa-1312
http://security.gentoo.org/glsa/glsa-200708-15.xml
http://www.redhat.com/support/errata/RHSA-2007-0379.html
http://www.securityfocus.com/bid/24147
http://www.securityfocus.com/bid/25159
http://www.osvdb.org/34877
http://www.securitytracker.com/id?1018138
http://secunia.com/advisories/25701
http://secunia.com/advisories/26235
http://secunia.com/advisories/26512
http://secunia.com/advisories/27037
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29242
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/1941
http://www.vupen.com/english/advisories/2007/3386
https://exchange.xforce.ibmcloud.com/vulnerabilities/34496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425836
https://nvd.nist.gov
https://github.com/sagardevopss/sample_web_app
https://www.debian.org/security/./dsa-1312