CVE-2007-1860

Source
https://nvd.nist.gov/vuln/detail/CVE-2007-1860
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-1860.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2007-1860
Related
Published
2007-05-25T18:30:00Z
Modified
2024-09-11T02:00:06Z
Summary
[none]
Details

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

References

Affected packages

Debian:11 / libapache-mod-jk

Package

Name
libapache-mod-jk
Purl
pkg:deb/debian/libapache-mod-jk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.2.23-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libapache-mod-jk

Package

Name
libapache-mod-jk
Purl
pkg:deb/debian/libapache-mod-jk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.2.23-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libapache-mod-jk

Package

Name
libapache-mod-jk
Purl
pkg:deb/debian/libapache-mod-jk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.2.23-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}