Unrated severityNVD Advisory· Published May 25, 2007· Updated Apr 23, 2026
CVE-2007-1860
CVE-2007-1860
Description
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
Affected products
1- cpe:2.3:a:apache:tomcat_jk_web_server_connector:*:*:*:*:*:*:*:*Range: <=1.2.22
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
34- secunia.com/advisories/25383nvdPatchVendor Advisory
- tomcat.apache.org/connectors-doc/news/20070301.htmlnvdPatch
- tomcat.apache.org/security-jk.htmlnvdPatch
- secunia.com/advisories/25701nvdVendor Advisory
- secunia.com/advisories/26235nvdVendor Advisory
- secunia.com/advisories/26512nvdVendor Advisory
- secunia.com/advisories/27037nvdVendor Advisory
- secunia.com/advisories/29242nvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0379.htmlnvdVendor Advisory
- www.vupen.com/english/advisories/2007/1941nvdVendor Advisory
- www.vupen.com/english/advisories/2007/2732nvdVendor Advisory
- www.vupen.com/english/advisories/2007/3386nvdVendor Advisory
- docs.info.apple.com/article.htmlnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlnvd
- security.gentoo.org/glsa/glsa-200708-15.xmlnvd
- www.debian.org/security/2007/dsa-1312nvd
- www.osvdb.org/34877nvd
- www.redhat.com/support/errata/RHSA-2008-0261.htmlnvd
- www.securityfocus.com/bid/24147nvd
- www.securityfocus.com/bid/25159nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/34496nvd
- lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Envd
- lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3Envd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002nvd
News mentions
0No linked articles in our index yet.