CVE-2007-1860
published 2007-05-25


Priority: P4, 30; medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 12.92% (95.8th percentile)
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
apache | tomcat_jk_web_server_connector | <= 1.2.22 |
debian | libapache-mod-jk | < libapache-mod-jk 1:1.2.23-1 (bookworm) | libapache-mod-jk 1:1.2.23-1 (bookworm)

CVSS provenance

nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
osv: 5.0 MEDIUM
vendor_debian: 5.0 MEDIUM
vendor_redhat: 5.0 MEDIUM