Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2007-0450

Опубликовано: 16 мар. 2007
Источник: debian

Описание

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tomcat5removedpackage
tomcat5.5fixed5.5.23-1package

Примечания

  • This only adds an additional control settings for path delimiters, the

  • necessary proxies still need to be secured or fixed individually (e.g.

  • as done for mod_jk in a DSA

Связанные уязвимости

ubuntu логотип

CVE-2007-0450

ubuntu
больше 18 лет назад

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

redhat логотип

CVE-2007-0450

redhat
больше 18 лет назад

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

nvd логотип

CVE-2007-0450

nvd
больше 18 лет назад

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

github логотип

GHSA-4prh-gqw8-rgh5

github
около 3 лет назад

Apache Tomcat Directory Traversal

oracle-oval логотип

ELSA-2007-0327

oracle-oval
почти 18 лет назад

ELSA-2007-0327: Important: tomcat security update (IMPORTANT)