CVE-2007-1860
Description
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
Risk Information
Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
25.519
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Apache Tomcat to 5.5.21 | Windows |
| Update Apache Tomcat to 5.5.22 | Windows |
| Update Apache Tomcat to 5.5.21 (For Linux) | Linux |
| Update Apache Tomcat to 5.5.22 (For Linux) | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234