Vulnerability Description
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
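The description above comes down to a canonicalisation mismatch: the front end decides which requests a JkMount prefix covers on one form of the URL, while the backend ends up acting on another, so an encoded dot-dot that looks harmless at the front can resolve to a different path behind it. The following is an added example (not mod_jk code and not the project's own fix) of the defensive rule that closes that gap in a front-end router: percent-decode exactly once, reject any path that still carries escapes after that single decode, resolve dot segments, and derive both the access decision and the forwarded path from the same canonical string. The mount table, protected prefixes and request paths are constructed for the example.

```python
from urllib.parse import unquote

# Constructed for the example: JkMount-style "/prefix/*" patterns that are
# forwarded to the backend, and prefixes the front end must never forward.
MOUNTS = ["/app/*"]
PROTECTED = ["/app/WEB-INF/", "/app/META-INF/"]


class RejectedPath(ValueError):
    """Raised when a request path has no single unambiguous interpretation."""


def canonical_path(raw_path):
    """Decode once, resolve dot segments, and refuse anything still ambiguous."""
    if not raw_path.startswith("/"):
        raise RejectedPath("path must be absolute")
    decoded = unquote(raw_path)
    # A single decode must consume every escape. A '%' left over means the
    # client double-encoded, and any downstream component that decodes again
    # would see a different path from the one checked here.
    if "%" in decoded:
        raise RejectedPath("percent-encoding survives a single decode")
    if "\x00" in decoded or "\\" in decoded:
        raise RejectedPath("NUL or backslash in path")
    segments = []
    for seg in decoded.split("/")[1:]:
        if seg in ("", "."):
            continue  # empty ("//") and "." segments carry no information
        if seg == "..":
            if not segments:
                raise RejectedPath("dot-dot climbs above the root")
            segments.pop()
            continue
        segments.append(seg)
    canon = "/" + "/".join(segments)
    if decoded.endswith("/") and canon != "/":
        canon += "/"  # keep a trailing slash so directory prefixes still match
    return canon


def _mount_matches(pattern, path):
    """Match a "/prefix/*" pattern against an already canonical path."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    return path == pattern


def route(raw_path):
    """Return ('deny', reason), ('forward', path) or ('local', path).

    The protected-prefix check, the mount lookup and the forwarded path all
    use the same canonical string, so the backend cannot reinterpret what the
    front end decided.
    """
    try:
        canon = canonical_path(raw_path)
    except RejectedPath as exc:
        return ("deny", str(exc))
    for prefix in PROTECTED:
        if canon.startswith(prefix) or canon + "/" == prefix:
            return ("deny", "protected prefix %s" % prefix)
    for pattern in MOUNTS:
        if _mount_matches(pattern, canon):
            return ("forward", canon)
    return ("local", canon)


if __name__ == "__main__":
    # Constructed request paths: plain, single-encoded, dot-dot and double-encoded.
    for sample in ["/app/index.jsp", "/app/%57EB-INF/web.xml",
                   "/app/foo/../WEB-INF/web.xml", "/app/%252e%252e/WEB-INF/web.xml",
                   "/app/../../etc/passwd", "/static/site.css"]:
        print("%-40s -> %s" % (sample, route(sample)))
```

Rejecting any residual `%` after one decode is stricter than strictly necessary (a literal `%` in a path name is refused too), but it removes the whole class of "how many times will this be decoded" ambiguity rather than trying to enumerate individual encodings of `.` and `/`.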
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat Jk Web Server Connector | <= 1.2.22 |
Related Weaknesses (CWE)
References
- http://docs.info.apple.com/article.html?artnum=306172
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- http://secunia.com/advisories/25383 (Patch, Vendor Advisory)
- http://secunia.com/advisories/25701 (Vendor Advisory)
- http://secunia.com/advisories/26235 (Vendor Advisory)
- http://secunia.com/advisories/26512 (Vendor Advisory)
- http://secunia.com/advisories/27037 (Vendor Advisory)
- http://secunia.com/advisories/29242 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-200708-15.xml
- http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1 (Patch)
- http://tomcat.apache.org/security-jk.html (Patch)
- http://www.debian.org/security/2007/dsa-1312
- http://www.osvdb.org/34877
FAQ
What is CVE-2007-1860?
CVE-2007-1860 is a vulnerability with a CVSS score of 5.0 (MEDIUM). mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
How severe is CVE-2007-1860?
CVE-2007-1860 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2007-1860?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat Jk Web Server Connector.