
CVE-2007-1860

Disclosure Date: May 25, 2007

Description

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
