Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2007-0450

Опубликовано: 16 мар. 2007
Источник: ubuntu
Приоритет: untriaged
EPSS Высокий
CVSS2: 5

Описание

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

РелизСтатусПримечание
dapper

ignored

end of life
devel

DNE

edgy

ignored

end of life, was needed
feisty

ignored

end of life, was needed
gutsy

DNE

hardy

DNE

intrepid

DNE

jaunty

DNE

karmic

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

edgy

ignored

end of life, was needed
feisty

ignored

end of life, was needed
gutsy

not-affected

hardy

not-affected

intrepid

not-affected

jaunty

not-affected

karmic

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 99%
0.88844
Высокий

5 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2007-0450

redhat
больше 18 лет назад

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

nvd логотип

CVE-2007-0450

nvd
больше 18 лет назад

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

debian логотип

CVE-2007-0450

debian
больше 18 лет назад

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x ...

github логотип

GHSA-4prh-gqw8-rgh5

github
около 3 лет назад

Apache Tomcat Directory Traversal

oracle-oval логотип

ELSA-2007-0327

oracle-oval
почти 18 лет назад

ELSA-2007-0327: Important: tomcat security update (IMPORTANT)

EPSS

Процентиль: 99%
0.88844
Высокий

5 Medium

CVSS2