
CVE ID: CVE-2007-1860
Description: mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
Test IDs: 1.3.6.1.4.1.25623.1.0.62870, 1.3.6.1.4.1.25623.1.0.58847, 1.3.6.1.4.1.25623.1.0.58285, 1.3.6.1.4.1.25623.1.0.58360, 1.3.6.1.4.1.25623.1.0.58550
Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2007-1860
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
BugTraq ID: 24147
http://www.securityfocus.com/bid/24147
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
Debian Security Information: DSA-1312
http://www.debian.org/security/2007/dsa-1312
http://security.gentoo.org/glsa/glsa-200708-15.xml
HPdes Security Advisory: HPSBUX02262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HPdes Security Advisory: SSRT071447
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E
http://www.osvdb.org/34877
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002
RedHat Security Advisories: RHSA-2007:0379
http://www.redhat.com/support/errata/RHSA-2007-0379.html
RedHat Security Advisories: RHSA-2008:0261
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securitytracker.com/id?1018138
http://secunia.com/advisories/25383
http://secunia.com/advisories/25701
http://secunia.com/advisories/26235
http://secunia.com/advisories/26512
http://secunia.com/advisories/27037
http://secunia.com/advisories/29242
SuSE Security Announcement: SUSE-SR:2008:005
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://www.vupen.com/english/advisories/2007/1941
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3386
XForce ISS Database: tomcat-jkconnector-security-bypass(34496)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34496