CVE-2007-1860

mod_jk sends decoded URL to tomcat

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

El componente mod_jk en Apache Tomcat JK Web Server Connector versión 1.2. x anterior a 1.2.23, descodifica las URL de petición dentro del servidor Apache HTTP antes de pasar la URL a Tomcat, lo que permite a los atacantes remotos acceder a páginas protegidas por medio de un JkMount prefijado y creado, posiblemente involucrando secuencias double-encoded.. (punto punto) y el salto de directorio (directory traversal), un problema relacionado a CVE-2007-0450.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-04-04 CVE Reserved
2007-05-25 CVE Published
2024-06-12 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (36)

URL	Tag	Source
http://docs.info.apple.com/article.html?artnum=306172	X_refsource_confirm
http://www.osvdb.org/34877	Vdb Entry
http://www.securityfocus.com/bid/24147	Vdb Entry
http://www.securityfocus.com/bid/25159	Vdb Entry
http://www.securitytracker.com/id?1018138	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/34496	Vdb Entry
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002	Signature

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/25383	2023-02-13
http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1	2023-02-13
http://tomcat.apache.org/security-jk.html	2023-02-13

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	2023-02-13
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	2023-02-13
http://secunia.com/advisories/25701	2023-02-13
http://secunia.com/advisories/26235	2023-02-13
http://secunia.com/advisories/26512	2023-02-13
http://secunia.com/advisories/27037	2023-02-13
http://secunia.com/advisories/29242	2023-02-13
http://security.gentoo.org/glsa/glsa-200708-15.xml	2023-02-13
http://www.debian.org/security/2007/dsa-1312	2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-0379.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0261.html	2023-02-13
http://www.vupen.com/english/advisories/2007/1941	2023-02-13
http://www.vupen.com/english/advisories/2007/2732	2023-02-13
http://www.vupen.com/english/advisories/2007/3386	2023-02-13
https://access.redhat.com/security/cve/CVE-2007-1860	2008-06-30
https://bugzilla.redhat.com/show_bug.cgi?id=237656	2008-06-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Tomcat Jk Web Server Connector Search vendor "Apache" for product "Tomcat Jk Web Server Connector"				<= 1.2.22 Search vendor "Apache" for product "Tomcat Jk Web Server Connector" and version " <= 1.2.22"		-		Affected