Showing 1 - 3 of 3

CVE-2007-1860

Status Candidate

Overview

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

Related Files

HP Security Bulletin 2007-14.47: Posted Oct 10, 2007; Authored by Hewlett Packard | Site hp.com; HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.; tags | advisory, arbitrary, vulnerability, xss; systems | hpux; advisories | CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386; SHA-256 | 85ce851efccb71b60d9f0e47f9402e4ce2d6740afac5c78fc233d8379f869bc3; Download | Favorite | View

Gentoo Linux Security Advisory 200708-15: Posted Aug 20, 2007; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200708-15 - Apache mod_jk decodes the URL within Apache before passing them to Tomcat, which decodes them a second time. Versions less than 1.2.23 are affected.; tags | advisory; systems | linux, gentoo; advisories | CVE-2007-1860; SHA-256 | 4ca0446cdd2d859fba00ae0ccbf75294eaeac3333d1d23f00be373680fe7fdb7; Download | Favorite | View

Debian Linux Security Advisory 1312-1: Posted Jun 20, 2007; Authored by Debian | Site debian.org; Debian Security Advisory 1312-1 - It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure.; tags | advisory, java, info disclosure; systems | linux, debian; advisories | CVE-2007-1860; SHA-256 | d6e583ec69a0e856aaa4acac15a004b79f0f9e922d60c725400771ac6e3f4fd8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2007-1860

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems