
{
"id": "CVE-2007-1860",
"sourceIdentifier": "secalert@redhat.com",
"published": "2007-05-25T18:30:00.000",
"lastModified": "2023-02-13T02:17:35.103",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450."
},
{
"lang": "es",
"value": "El componente mod_jk en Apache Tomcat JK Web Server Connector versi\u00f3n 1.2.x anterior a 1.2.23, descodifica las URL de petici\u00f3n dentro del servidor Apache HTTP antes de pasar la URL a Tomcat, lo que permite a los atacantes remotos acceder a p\u00e1ginas protegidas por medio de un prefijo JkMount manipulado, posiblemente involucrando secuencias .. (punto punto) doblemente codificadas y el salto de directorio (directory traversal), un problema relacionado con CVE-2007-0450."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat_jk_web_server_connector:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.2.22",
"matchCriteriaId": "4B244B0D-0F1A-4A6C-9798-7F0A4AFB64E1"
}
]
}
]
}
],
"references": [
{
"url": "http://docs.info.apple.com/article.html?artnum=306172",
"source": "secalert@redhat.com"
},
{
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795",
"source": "secalert@redhat.com"
},
{
"url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html",
"source": "secalert@redhat.com"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html",
"source": "secalert@redhat.com"
},
{
"url": "http://security.gentoo.org/glsa/glsa-200708-15.xml",
"source": "secalert@redhat.com"
},
{
"url": "http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1",
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "http://tomcat.apache.org/security-jk.html",
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "http://www.debian.org/security/2007/dsa-1312",
"source": "secalert@redhat.com"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2007-0379.html",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html",
"source": "secalert@redhat.com"
},
{
"url": "http://www.securityfocus.com/bid/24147",
"source": "secalert@redhat.com"
},
{
"url": "http://www.securityfocus.com/bid/25159",
"source": "secalert@redhat.com"
},
{
"url": "http://www.securitytracker.com/id?1018138",
"source": "secalert@redhat.com"
},
{
"url": "http://www.vupen.com/english/advisories/2007/1941",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2007/2732",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2007/3386",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34496",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
"source": "secalert@redhat.com"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002",
"source": "secalert@redhat.com"
}
]
}