Directory Traversal Vulnerability in Apache Tomcat JK Web Server Connector
CVE-2007-1860

Currently unrated

Key Information:

Vendor

Apache
Status
Tomcat Jk Web Server Connector
Vendor
CVE Published:
25 May 2007

What is CVE-2007-1860?

The Tomcat JK Web Server Connector prior to version 1.2.23 contains a vulnerability in how it handles request URLs. By decoding URLs issued to the Apache HTTP Server before relaying them to Tomcat, the connector permits remote attackers to access restricted pages. This is achieved through a specially crafted JkMount prefix that may involve double-encoded sequences, posing significant security risks related to unauthorized data exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.debian.org/security/2007/dsa-1312
vendor-advisoryx_refsource_DEBIAN
http://www.vupen.com/english/advisories/2007/2732
vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.