CVE-2007-1860 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-1860 Interim 1 3 2021-06-09T08:40:28Z current 2021-05-30T12:38:36Z 2021-06-09T08:40:28Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-1860 mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html E-Mail link for SUSE-SR:2008:005 https://www.suse.com/support/kb/doc/?id=7002362 E-Mail link for TID7002362 https://www.suse.com/support/security/rating/ SUSE Security Ratings mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450. CVE-2007-1860 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N