Directory Traversal Vulnerability in Apache Tomcat JK Web Server Connector
CVE-2007-1860

Currently unrated

Key Information:

Vendor: Apache
Status: Tomcat Jk Web Server Connector
Vendor: CVE Published:; 25 May 2007

Summary

The Tomcat JK Web Server Connector prior to version 1.2.23 contains a vulnerability in how it handles request URLs. By decoding URLs issued to the Apache HTTP Server before relaying them to Tomcat, the connector permits remote attackers to access restricted pages. This is achieved through a specially crafted JkMount prefix that may involve double-encoded sequences, posing significant security risks related to unauthorized data exposure.

References

http://www.debian.org/security/2007/dsa-1312

vendor-advisoryx_refsource_DEBIAN

http://www.vupen.com/english/advisories/2007/2732

vdb-entryx_refsource_VUPEN

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 25, 2007
Vulnerability Reserved
Apr 4, 2007