Vulnerability-Lookup

CVE-2007-0450 (GCVE-0-2007-0450)

Vulnerability from cvelistv5 – Published: 2007-03-17 02:00 – Updated: 2024-08-07 12:19

Summary

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://tomcat.apache.org/security-4.html	x_refsource_CONFIRM
	http://secunia.com/advisories/30908	third-party-advisoryx_refsource_SECUNIA
	http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
	http://www.vupen.com/english/advisories/2007/2732	vdb-entryx_refsource_VUPEN
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://www.vupen.com/english/advisories/2007/3087	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/30899	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1979…	vdb-entryx_refsource_VUPEN
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.vupen.com/english/advisories/2008/0065	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/500412/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/33668	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/485938/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/500396/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/25280	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-03…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/24732	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/0233	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/22960	vdb-entryx_refsource_BID
	http://secunia.com/advisories/28365	third-party-advisoryx_refsource_SECUNIA
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://www.sec-consult.com/287.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/3386	vdb-entryx_refsource_VUPEN
	http://www.sec-consult.com/fileadmin/Advisories/2…	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2007-03…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/27037	third-party-advisoryx_refsource_SECUNIA
	http://docs.info.apple.com/article.html?artnum=306172	x_refsource_CONFIRM
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2007/0975	vdb-entryx_refsource_VUPEN
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/25159	vdb-entryx_refsource_BID
	http://secunia.com/advisories/26660	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
	http://www.fujitsu.com/global/support/software/se…	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-200705-03.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/25106	third-party-advisoryx_refsource_SECUNIA
	http://securityreason.com/securityalert/2446	third-party-advisoryx_refsource_SREASON
	http://community.ca.com/blogs/casecurityresponseb…	x_refsource_CONFIRM
	http://support.ca.com/irj/portal/anonymous/phpsup…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/462791/100…	mailing-listx_refsource_BUGTRAQ
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/26235	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://lists.apache.org/thread.html/ba661b0edd91…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/29dc6c2b6257…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/8d2a579bbd97…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/c62b0e3a7bf2…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/277d42b48b6e…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/5b7a23e245c9…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rf8e8c091182…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rb71997f506c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r5c616dfc491…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:19:30.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "30908",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30908"
          },
          {
            "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
          },
          {
            "name": "ADV-2007-2732",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "239312",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
          },
          {
            "name": "ADV-2007-3087",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3087"
          },
          {
            "name": "tomcat-proxy-directory-traversal(32988)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
          },
          {
            "name": "30899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30899"
          },
          {
            "name": "ADV-2008-1979",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1979/references"
          },
          {
            "name": "SUSE-SR:2007:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
          },
          {
            "name": "APPLE-SA-2007-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "ADV-2008-0065",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0065"
          },
          {
            "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "33668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
          },
          {
            "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "25280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25280"
          },
          {
            "name": "RHSA-2007:0360",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
          },
          {
            "name": "24732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24732"
          },
          {
            "name": "ADV-2009-0233",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "name": "22960",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22960"
          },
          {
            "name": "28365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28365"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-consult.com/287.html"
          },
          {
            "name": "ADV-2007-3386",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3386"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt"
          },
          {
            "name": "RHSA-2007:0327",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
          },
          {
            "name": "27037",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27037"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "name": "SSRT071447",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "ADV-2007-0975",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0975"
          },
          {
            "name": "HPSBUX02262",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "25159",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "26660",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26660"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html"
          },
          {
            "name": "GLSA-200705-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
          },
          {
            "name": "25106",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25106"
          },
          {
            "name": "2446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2446"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "name": "20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded"
          },
          {
            "name": "MDKSA-2007:241",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
          },
          {
            "name": "SUSE-SR:2007:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
          },
          {
            "name": "26235",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26235"
          },
          {
            "name": "oval:org.mitre.oval:def:10643",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-14T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T21:10:18.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "name": "30908",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30908"
        },
        {
          "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
        },
        {
          "name": "ADV-2007-2732",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2732"
        },
        {
          "name": "239312",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
        },
        {
          "name": "ADV-2007-3087",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3087"
        },
        {
          "name": "tomcat-proxy-directory-traversal(32988)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
        },
        {
          "name": "30899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30899"
        },
        {
          "name": "ADV-2008-1979",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1979/references"
        },
        {
          "name": "SUSE-SR:2007:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
        },
        {
          "name": "APPLE-SA-2007-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
        },
        {
          "name": "ADV-2008-0065",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0065"
        },
        {
          "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
        },
        {
          "name": "33668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33668"
        },
        {
          "name": "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
        },
        {
          "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
        },
        {
          "name": "25280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25280"
        },
        {
          "name": "RHSA-2007:0360",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
        },
        {
          "name": "24732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24732"
        },
        {
          "name": "ADV-2009-0233",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0233"
        },
        {
          "name": "22960",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22960"
        },
        {
          "name": "28365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28365"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-consult.com/287.html"
        },
        {
          "name": "ADV-2007-3386",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3386"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt"
        },
        {
          "name": "RHSA-2007:0327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
        },
        {
          "name": "27037",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27037"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306172"
        },
        {
          "name": "SSRT071447",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "name": "ADV-2007-0975",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0975"
        },
        {
          "name": "HPSBUX02262",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "name": "25159",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25159"
        },
        {
          "name": "26660",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26660"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html"
        },
        {
          "name": "GLSA-200705-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
        },
        {
          "name": "25106",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25106"
        },
        {
          "name": "2446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2446"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
        },
        {
          "name": "20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded"
        },
        {
          "name": "MDKSA-2007:241",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
        },
        {
          "name": "SUSE-SR:2007:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
        },
        {
          "name": "26235",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26235"
        },
        {
          "name": "oval:org.mitre.oval:def:10643",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-0450",
    "datePublished": "2007-03-17T02:00:00.000Z",
    "dateReserved": "2007-01-23T05:00:00.000Z",
    "dateUpdated": "2024-08-07T12:19:30.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-032

Vulnerability from certfr_avis - Published: 2009-01-28 - Updated: 2009-01-28

De multiples vulnérabilités affectent la version d'Apache Tomcat fournie avec CA Cohesion Application Configuration Manager.

Description

De multiples vulnérabilités affectent la version d'Apache Tomcat incluse dans CA Cohesion Application Configuration Manager. Ces vulnérabilités sont décrites dans les diverses références CVE (voir section Documentation) et permettent notamment de réaliser un déni de service à distance, d'injecter des scripts, d'afficher le contenu de certains fichiers, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

CA Cohesion Application Configuration Manager version 4.5.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité CA20090123-01 du 26 janvier 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eCA Cohesion Application Configuration  Manager\u003c/SPAN\u003e version 4.5.\u003c/P\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s affectent la version d\u0027Apache Tomcat incluse\ndans CA Cohesion Application Configuration Manager. Ces vuln\u00e9rabilit\u00e9s\nsont d\u00e9crites dans les diverses r\u00e9f\u00e9rences CVE (voir section\nDocumentation) et permettent notamment de r\u00e9aliser un d\u00e9ni de service \u00e0\ndistance, d\u0027injecter des scripts, d\u0027afficher le contenu de certains\nfichiers, etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2008-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
    },
    {
      "name": "CVE-2007-1858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1858"
    },
    {
      "name": "CVE-2007-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
    },
    {
      "name": "CVE-2006-7196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7196"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2007-3382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
    },
    {
      "name": "CVE-2005-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
    },
    {
      "name": "CVE-2006-3835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
    },
    {
      "name": "CVE-2007-3386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3386"
    },
    {
      "name": "CVE-2007-2449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449"
    },
    {
      "name": "CVE-2007-1355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
    },
    {
      "name": "CVE-2006-7195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7195"
    },
    {
      "name": "CVE-2007-3385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
    }
  ],
  "initial_release_date": "2009-01-28T00:00:00",
  "last_revision_date": "2009-01-28T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-032",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent la version d\u0027\u003cspan\nclass=\"textit\"\u003eApache Tomcat\u003c/span\u003e fournie avec \u003cspan class=\"textit\"\u003eCA\nCohesion Application Configuration Manager\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans CA Cohesion Application Configuration Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CA20090123-01 du 26 janvier 2009",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
    }
  ]
}

CERTA-2008-AVI-008

Vulnerability from certfr_avis - Published: 2008-01-08 - Updated: 2008-01-08

De multiples vulnérabilités sur VMWare ESX Server et VirtualCenter Management Server permettent notamment à une personne malintentionnée distante d'exécuter du code arbitraire.

Description

De multiples vulnérabilités existent sur VMWare ESX Server. Celles-ci concernent des modules ou logiciels utilisés par le serveur et récemment mis à jour : OpenPegasus, Tomcat, Samba, OpenSSL, JRE, util-linux, et Perl. Certaines de ces failles permettent notamment à une personne malintentionnée distante d'exécuter du code arbitraire.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VirtualCenter Management Server 2.
VMware	N/A	VMWare ESX Server 2.0.x ;
VMware	N/A	VMWare ESX Server 3.0.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMWare VMSA-2008-0001 du 07 janvier 2008	None	vendor-advisory
Bulletin de sécurité VMWare VMSA-2008-0002 du 07 janvier 2008	None	vendor-advisory
Bulletin de sécurité VMWare VMSA-2008-0002 du 07 janvier 2008 :	-	other
Bulletin de sécurité VMWare VMSA-2008-0001 du 07 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VirtualCenter Management Server 2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare ESX Server 2.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare ESX Server 3.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s existent sur VMWare ESX Server. Celles-ci\nconcernent des modules ou logiciels utilis\u00e9s par le serveur et r\u00e9cemment\nmis \u00e0 jour : OpenPegasus, Tomcat, Samba, OpenSSL, JRE, util-linux, et\nPerl. Certaines de ces failles permettent notamment \u00e0 une personne\nmalintentionn\u00e9e distante d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5360"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2007-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
    },
    {
      "name": "CVE-2007-5116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
    },
    {
      "name": "CVE-2007-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3004"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2007-5398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5398"
    },
    {
      "name": "CVE-2007-3108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3108"
    },
    {
      "name": "CVE-2007-4572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4572"
    },
    {
      "name": "CVE-2006-7195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7195"
    },
    {
      "name": "CVE-2007-5191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5191"
    }
  ],
  "initial_release_date": "2008-01-08T00:00:00",
  "last_revision_date": "2008-01-08T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0002 du 07 janvier    2008 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0001 du 07 janvier    2008 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
    }
  ],
  "reference": "CERTA-2008-AVI-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s sur \u003cspan class=\"textit\"\u003eVMWare ESX\nServer\u003c/span\u003e et \u003cspan class=\"textit\"\u003eVirtualCenter Management\nServer\u003c/span\u003e permettent notamment \u00e0 une personne malintentionn\u00e9e\ndistante d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0001 du 07 janvier 2008",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0002 du 07 janvier 2008",
      "url": null
    }
  ]
}

CERTA-2007-AVI-340

Vulnerability from certfr_avis - Published: 2007-08-01 - Updated: 2007-08-01

Plusieurs vulnérabilités ont été identifiées : elles concernent le système d'exploitation Mac OS X. L'exploitation de ces dernières peut avoir des conséquences variées, comme l'exécution de code arbitraire, ou un dysfonctionnement du système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Mac OS X. Parmi celles-ci :

bzip2 : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
CFNetwork : un clic sur une addresse malicieusement formée permet l'exécution de commandes FTP arbitraires à distance ;
CoreAudio : une page Web malicieusement créée permet à l'aide d'une applet Java d'exécuter du code arbitraire à distance;
cscope : des vulnérabilités concernant un dépassement de mémoire et la création de fichiers temporaires dangereux ont été corrigées ;
gnuzip : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
iChat : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
Kerberos : des vulnérabilités pouvant provoquer un déni de service ou l'exécution de code arbitraire à distance ont été corrigées ;
mDNSResponder : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
PDFKit : l'ouverture d'un document malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
PHP : plusieurs vulnérabilités touchant PHP 4.4.4 ont été corrigées ;
Quartz Composer : l'ouverture d'un fichier Quartz malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
Samba : lorsque le partage de fichiers Windows est activé, un utilisateur non authentifié peut, à distance, provoquer un déni de service, exécuter du code ou des commandes arbitraires et contourner la politique de sécurité ;
SquirrelMail : plusieurs vulnérabilités dont au moins une permettant une attaque de type cross-site scripting ont été corrigées ;
Tomcat : plusieurs vulnérabilités dont certaines permettant des attaques de type cross-site scripting et l'atteinte à la confidentialité des données ont été corrigées ;
WebCore : des vulnérabilités permettant l'exécution d'applets Java alors que celui-ci est désactivé et permettant la réalisation d'attaques de type cross-site scripting ont été corrigées ;
WebKit : l'ouverture d'une page Web malicieusement créée permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X Server v10.3.9 ;
Apple	N/A	Apple Mac OS X Server v10.4.10.
Apple	N/A	Apple Mac OS X v10.4.10 ;
Apple	N/A	Apple Mac OS X v10.3.9 ;

References

Title

Publication Time

Tags

Avis de sécurité Apple 2007-007 306172 du 30 juillet 2007	None	vendor-advisory
Bulletin de sécurité Apple 2007-007 306172 du 30 juillet 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac OS X Server v10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X Server v10.4.10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X v10.4.10 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X v10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Mac OS X. Parmi celles-ci :\n\n-   bzip2 : un nom d\u0027archive malicieusement form\u00e9 permet l\u0027ex\u00e9cution de\n    code arbitraire \u00e0 distance ;\n-   CFNetwork : un clic sur une addresse malicieusement form\u00e9e permet\n    l\u0027ex\u00e9cution de commandes FTP arbitraires \u00e0 distance ;\n-   CoreAudio : une page Web malicieusement cr\u00e9\u00e9e permet \u00e0 l\u0027aide d\u0027une\n    applet Java d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance;\n-   cscope : des vuln\u00e9rabilit\u00e9s concernant un d\u00e9passement de m\u00e9moire et\n    la cr\u00e9ation de fichiers temporaires dangereux ont \u00e9t\u00e9 corrig\u00e9es ;\n-   gnuzip : un nom d\u0027archive malicieusement form\u00e9 permet l\u0027ex\u00e9cution de\n    code arbitraire \u00e0 distance ;\n-   iChat : un d\u00e9passement de m\u00e9moire permet de provoquer un d\u00e9ni de\n    service \u00e0 distance ou l\u0027ex\u00e9cution de code arbitraire \u00e0 distance au\n    sein d\u0027un m\u00eame sous r\u00e9seau ;\n-   Kerberos : des vuln\u00e9rabilit\u00e9s pouvant provoquer un d\u00e9ni de service\n    ou l\u0027ex\u00e9cution de code arbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es ;\n-   mDNSResponder : un d\u00e9passement de m\u00e9moire permet de provoquer un\n    d\u00e9ni de service \u00e0 distance ou l\u0027ex\u00e9cution de code arbitraire \u00e0\n    distance au sein d\u0027un m\u00eame sous r\u00e9seau ;\n-   PDFKit : l\u0027ouverture d\u0027un document malicieusement cr\u00e9\u00e9 permet un\n    d\u00e9ni de service de l\u0027application ou l\u0027ex\u00e9cution de code arbitraire ;\n-   PHP : plusieurs vuln\u00e9rabilit\u00e9s touchant PHP 4.4.4 ont \u00e9t\u00e9 corrig\u00e9es\n    ;\n-   Quartz Composer : l\u0027ouverture d\u0027un fichier Quartz malicieusement\n    cr\u00e9\u00e9 permet un d\u00e9ni de service de l\u0027application ou l\u0027ex\u00e9cution de\n    code arbitraire ;\n-   Samba : lorsque le partage de fichiers Windows est activ\u00e9, un\n    utilisateur non authentifi\u00e9 peut, \u00e0 distance, provoquer un d\u00e9ni de\n    service, ex\u00e9cuter du code ou des commandes arbitraires et contourner\n    la politique de s\u00e9curit\u00e9 ;\n-   SquirrelMail : plusieurs vuln\u00e9rabilit\u00e9s dont au moins une permettant\n    une attaque de type cross-site scripting ont \u00e9t\u00e9 corrig\u00e9es ;\n-   Tomcat : plusieurs vuln\u00e9rabilit\u00e9s dont certaines permettant des\n    attaques de type cross-site scripting et l\u0027atteinte \u00e0 la\n    confidentialit\u00e9 des donn\u00e9es ont \u00e9t\u00e9 corrig\u00e9es ;\n-   WebCore : des vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution d\u0027applets Java\n    alors que celui-ci est d\u00e9sactiv\u00e9 et permettant la r\u00e9alisation\n    d\u0027attaques de type cross-site scripting ont \u00e9t\u00e9 corrig\u00e9es ;\n-   WebKit : l\u0027ouverture d\u0027une page Web malicieusement cr\u00e9\u00e9e permet\n    l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2005-0758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-0758"
    },
    {
      "name": "CVE-2007-2403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2403"
    },
    {
      "name": "CVE-2007-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1583"
    },
    {
      "name": "CVE-2007-2407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2407"
    },
    {
      "name": "CVE-2006-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2842"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2007-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1711"
    },
    {
      "name": "CVE-2007-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2409"
    },
    {
      "name": "CVE-2007-2405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2405"
    },
    {
      "name": "CVE-2007-3944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3944"
    },
    {
      "name": "CVE-2007-1287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1287"
    },
    {
      "name": "CVE-2007-1262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1262"
    },
    {
      "name": "CVE-2007-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2408"
    },
    {
      "name": "CVE-2005-3128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3128"
    },
    {
      "name": "CVE-2007-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1521"
    },
    {
      "name": "CVE-2007-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2446"
    },
    {
      "name": "CVE-2007-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
    },
    {
      "name": "CVE-2007-1717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1717"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2007-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1001"
    },
    {
      "name": "CVE-2007-0478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0478"
    },
    {
      "name": "CVE-2006-3174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3174"
    },
    {
      "name": "CVE-2007-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3747"
    },
    {
      "name": "CVE-2007-2406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2406"
    },
    {
      "name": "CVE-2007-3748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3748"
    },
    {
      "name": "CVE-2007-2442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2442"
    },
    {
      "name": "CVE-2007-3744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3744"
    },
    {
      "name": "CVE-2007-3745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3745"
    },
    {
      "name": "CVE-2007-1460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1460"
    },
    {
      "name": "CVE-2007-2410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2410"
    },
    {
      "name": "CVE-2004-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-0996"
    },
    {
      "name": "CVE-2006-6142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6142"
    },
    {
      "name": "CVE-2007-1860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1860"
    },
    {
      "name": "CVE-2007-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2798"
    },
    {
      "name": "CVE-2007-1461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1461"
    },
    {
      "name": "CVE-2007-3742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3742"
    },
    {
      "name": "CVE-2004-2541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-2541"
    },
    {
      "name": "CVE-2007-2404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2404"
    },
    {
      "name": "CVE-2007-2447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2447"
    },
    {
      "name": "CVE-2007-1484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1484"
    },
    {
      "name": "CVE-2006-4019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4019"
    },
    {
      "name": "CVE-2007-2589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2589"
    },
    {
      "name": "CVE-2007-2443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2443"
    },
    {
      "name": "CVE-2007-3746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3746"
    }
  ],
  "initial_release_date": "2007-08-01T00:00:00",
  "last_revision_date": "2007-08-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2007-007 306172 du 30 juillet    2007 :",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    }
  ],
  "reference": "CERTA-2007-AVI-340",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es : elles concernent le\nsyst\u00e8me d\u0027exploitation Mac OS X. L\u0027exploitation de ces derni\u00e8res peut\navoir des cons\u00e9quences vari\u00e9es, comme l\u0027ex\u00e9cution de code arbitraire, ou\nun dysfonctionnement du syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Apple 2007-007 306172 du 30 juillet 2007",
      "url": null
    }
  ]
}

CERTA-2008-AVI-349

Vulnerability from certfr_avis - Published: 2008-07-04 - Updated: 2008-07-04

Plusieurs vulnérabilités de Sun Solaris permettent à une personne malintentionnée d'effectuer, entre autres, un déni de service à distance.

Description

De multiples vulnérabilités non documentées du serveur Tomcat de Sun Solaris permettent à une personne malveillante d'effectuer un déni de service à distance, un courtournement de la politique de sécurité, une atteinte à la confidentialité des données ou une injection de code indirecte.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Sun Solaris 10.
	N/A	N/A	Sun Solaris 9 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Sun Solaris #239312 du 30 juin 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sun Solaris 10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Sun Solaris 9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s non document\u00e9es du serveur Tomcat de Sun\nSolaris permettent \u00e0 une personne malveillante d\u0027effectuer un d\u00e9ni de\nservice \u00e0 distance, un courtournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es ou une injection de code\nindirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2007-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2002-2006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-2006"
    },
    {
      "name": "CVE-2002-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-1394"
    },
    {
      "name": "CVE-2005-3164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3164"
    },
    {
      "name": "CVE-2002-1148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-1148"
    },
    {
      "name": "CVE-2005-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
    },
    {
      "name": "CVE-2006-3835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
    },
    {
      "name": "CVE-2003-0866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0866"
    },
    {
      "name": "CVE-2007-1355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
    }
  ],
  "initial_release_date": "2008-07-04T00:00:00",
  "last_revision_date": "2008-07-04T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-349",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-07-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eSun Solaris\u003c/span\u003e\npermettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer, entre autres, un\nd\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Sun Solaris",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #239312 du 30 juin 2008",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1"
    }
  ]
}

CERTA-2007-AVI-157

Vulnerability from certfr_avis - Published: 2007-04-04 - Updated: 2007-04-04

Une vulnérabilité présente dans Apache Tomcat permet de contourner la politique de sécurité.

Description

Sous certaines conditions, comme l'utilisation d'un mode mandataire (proxy) tel que : mod_proxy, mod_rewrite ou mod_jk, un manque de contôle de l'adresse réticulaire (URL) permet à un utilisateur malveillant d'accèder à des informations présentes sur le serveur par le biais d'une requête spécialement conçue.

Solution

Les versions 5.5.22 et 6.0.10 d'Apache Tomcat corrigent le problème. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	Tomcat	Apache Tomcat versions antérieures à 5.5.22 ;
	Apache	Tomcat	Apache Tomcat versions antérieures à 6.0.10.

References

Title

Publication Time

Tags

bulletins de sécurité Apache Tomcat	None	vendor-advisory
Bulletin de sécurité Apache Tomcat 6.x :	-	other
Bulletin de sécurité Apache Tomcat 5.x :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache Tomcat versions ant\u00e9rieures \u00e0 5.5.22 ;",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Tomcat versions ant\u00e9rieures \u00e0 6.0.10.",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nSous certaines conditions, comme l\u0027utilisation d\u0027un mode mandataire\n(proxy) tel que : mod_proxy, mod_rewrite ou mod_jk, un manque de cont\u00f4le\nde l\u0027adresse r\u00e9ticulaire (URL) permet \u00e0 un utilisateur malveillant\nd\u0027acc\u00e8der \u00e0 des informations pr\u00e9sentes sur le serveur par le biais d\u0027une\nrequ\u00eate sp\u00e9cialement con\u00e7ue.\n\n## Solution\n\nLes versions 5.5.22 et 6.0.10 d\u0027Apache Tomcat corrigent le probl\u00e8me. Se\nr\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    }
  ],
  "initial_release_date": "2007-04-04T00:00:00",
  "last_revision_date": "2007-04-04T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat 6.x :",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat 5.x :",
      "url": "http://tomcat.apache.org/security-5.html"
    }
  ],
  "reference": "CERTA-2007-AVI-157",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans Apache Tomcat permet de contourner la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apache Tomcat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "bulletins de s\u00e9curit\u00e9 Apache Tomcat",
      "url": null
    }
  ]
}

GSD-2007-0450

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-0450

Aliases

CVE-2007-0450

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0450",
    "description": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
    "id": "GSD-2007-0450",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-0450.html",
      "https://access.redhat.com/errata/RHSA-2010:0602",
      "https://access.redhat.com/errata/RHSA-2008:0524",
      "https://access.redhat.com/errata/RHSA-2008:0261",
      "https://access.redhat.com/errata/RHSA-2007:1069",
      "https://access.redhat.com/errata/RHSA-2007:0360",
      "https://access.redhat.com/errata/RHSA-2007:0340",
      "https://access.redhat.com/errata/RHSA-2007:0328",
      "https://access.redhat.com/errata/RHSA-2007:0327",
      "https://access.redhat.com/errata/RHSA-2007:0326",
      "https://linux.oracle.com/cve/CVE-2007-0450.html",
      "https://packetstormsecurity.com/files/cve/CVE-2007-0450"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0450"
      ],
      "details": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
      "id": "GSD-2007-0450",
      "modified": "2023-12-13T01:21:36.065989Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2007-0450",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://tomcat.apache.org/security-4.html",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "http://tomcat.apache.org/security-5.html",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "http://tomcat.apache.org/security-6.html",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=306172",
            "refsource": "MISC",
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "name": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "http://secunia.com/advisories/26235",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/26235"
          },
          {
            "name": "http://www.securityfocus.com/bid/25159",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/2732",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2008-0261.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "name": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795",
            "refsource": "MISC",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "http://secunia.com/advisories/27037",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/27037"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/3386",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/3386"
          },
          {
            "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
            "refsource": "MISC",
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "name": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html",
            "refsource": "MISC",
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
          },
          {
            "name": "http://secunia.com/advisories/28365",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/28365"
          },
          {
            "name": "http://secunia.com/advisories/33668",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm",
            "refsource": "MISC",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
          },
          {
            "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
            "refsource": "MISC",
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2007-0327.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/485938/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/500396/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/500412/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/0065",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/0065"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/0233",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "name": "http://secunia.com/advisories/24732",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/24732"
          },
          {
            "name": "http://secunia.com/advisories/25106",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/25106"
          },
          {
            "name": "http://secunia.com/advisories/25280",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/25280"
          },
          {
            "name": "http://secunia.com/advisories/26660",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/26660"
          },
          {
            "name": "http://secunia.com/advisories/30899",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/30899"
          },
          {
            "name": "http://secunia.com/advisories/30908",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/30908"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200705-03.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
          },
          {
            "name": "http://securityreason.com/securityalert/2446",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/2446"
          },
          {
            "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1",
            "refsource": "MISC",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
          },
          {
            "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html",
            "refsource": "MISC",
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
          },
          {
            "name": "http://www.novell.com/linux/security/advisories/2007_15_sr.html",
            "refsource": "MISC",
            "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
          },
          {
            "name": "http://www.novell.com/linux/security/advisories/2007_5_sr.html",
            "refsource": "MISC",
            "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2007-0360.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
          },
          {
            "name": "http://www.sec-consult.com/287.html",
            "refsource": "MISC",
            "url": "http://www.sec-consult.com/287.html"
          },
          {
            "name": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt",
            "refsource": "MISC",
            "url": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/462791/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/22960",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/22960"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/0975",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/0975"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/3087",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/3087"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/1979/references",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/1979/references"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.22",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.10",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-0450"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22960",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/22960"
            },
            {
              "name": "http://www.sec-consult.com/287.html",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.sec-consult.com/287.html"
            },
            {
              "name": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt"
            },
            {
              "name": "SUSE-SR:2007:005",
              "refsource": "SUSE",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
            },
            {
              "name": "24732",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/24732"
            },
            {
              "name": "GLSA-200705-03",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
            },
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "25106",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/25106"
            },
            {
              "name": "RHSA-2007:0327",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
            },
            {
              "name": "25280",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/25280"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306172",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=306172"
            },
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
            },
            {
              "name": "APPLE-SA-2007-07-31",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
            },
            {
              "name": "RHSA-2007:0360",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
            },
            {
              "name": "SUSE-SR:2007:015",
              "refsource": "SUSE",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
            },
            {
              "name": "25159",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/25159"
            },
            {
              "name": "26235",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/26235"
            },
            {
              "name": "26660",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/26660"
            },
            {
              "name": "27037",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/27037"
            },
            {
              "name": "2446",
              "refsource": "SREASON",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://securityreason.com/securityalert/2446"
            },
            {
              "name": "MDKSA-2007:241",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
            },
            {
              "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
            },
            {
              "name": "28365",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/28365"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "239312",
              "refsource": "SUNALERT",
              "tags": [
                "Broken Link"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
            },
            {
              "name": "30908",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/30908"
            },
            {
              "name": "30899",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/30899"
            },
            {
              "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link",
                "Third Party Advisory"
              ],
              "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
            },
            {
              "name": "33668",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/33668"
            },
            {
              "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
            },
            {
              "name": "ADV-2009-0233",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0233"
            },
            {
              "name": "ADV-2007-0975",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0975"
            },
            {
              "name": "ADV-2007-3087",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3087"
            },
            {
              "name": "ADV-2007-2732",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2732"
            },
            {
              "name": "ADV-2007-3386",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3386"
            },
            {
              "name": "ADV-2008-1979",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1979/references"
            },
            {
              "name": "ADV-2008-0065",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0065"
            },
            {
              "name": "SSRT071447",
              "refsource": "HP",
              "tags": [
                "Broken Link"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "tomcat-proxy-directory-traversal(32988)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
            },
            {
              "name": "oval:org.mitre.oval:def:10643",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643"
            },
            {
              "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
            },
            {
              "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
            },
            {
              "name": "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
            },
            {
              "name": "20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded"
            },
            {
              "name": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T02:17Z",
      "publishedDate": "2007-03-16T22:19Z"
    }
  }
}

FKIE_CVE-2007-0450

Vulnerability from fkie_nvd - Published: 2007-03-16 22:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	Broken Link
secalert@redhat.com	http://docs.info.apple.com/article.html?artnum=306172	Third Party Advisory
secalert@redhat.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	Broken Link
secalert@redhat.com	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.vmware.com/pipermail/security-announce/2008/000003.html	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/24732	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/25106	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/25280	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/26235	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/26660	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/27037	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/28365	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/30899	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/30908	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/33668	Third Party Advisory
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200705-03.xml	Third Party Advisory
secalert@redhat.com	http://securityreason.com/securityalert/2446	Third Party Advisory
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	Broken Link
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm	Third Party Advisory
secalert@redhat.com	http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	Broken Link, Third Party Advisory
secalert@redhat.com	http://tomcat.apache.org/security-4.html	Vendor Advisory
secalert@redhat.com	http://tomcat.apache.org/security-5.html	Vendor Advisory
secalert@redhat.com	http://tomcat.apache.org/security-6.html	Vendor Advisory
secalert@redhat.com	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html	Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2007:241	Third Party Advisory
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2007_15_sr.html	Broken Link
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2007_5_sr.html	Broken Link
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2007-0327.html	Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2007-0360.html	Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0261.html	Third Party Advisory
secalert@redhat.com	http://www.sec-consult.com/287.html	Broken Link
secalert@redhat.com	http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt	Broken Link
secalert@redhat.com	http://www.securityfocus.com/archive/1/462791/100/0/threaded	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/archive/1/485938/100/0/threaded	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/archive/1/500396/100/0/threaded	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/archive/1/500412/100/0/threaded	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/22960	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/25159	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/0975	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/2732	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/3087	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/3386	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/0065	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1979/references	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/0233	Third Party Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/32988	Third Party Advisory, VDB Entry
secalert@redhat.com	https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306172	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2008/000003.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24732	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25106	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25280	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26235	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26660	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27037	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28365	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30899	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30908	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33668	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200705-03.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2446	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-4.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-5.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-6.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:241	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_15_sr.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_5_sr.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-0327.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-0360.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0261.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.sec-consult.com/287.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/462791/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/485938/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/500396/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/500412/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22960	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25159	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0975	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2732	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3087	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3386	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0065	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1979/references	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0233	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32988	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643	Third Party Advisory

Impacted products

Vendor	Product	Version
apache	http_server	-
apache	tomcat	*
apache	tomcat	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D623D8C0-65D2-4269-A1D4-5CB3899F44C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4631692-97B8-426F-83BB-B5A1F3FCEA98",
              "versionEndExcluding": "5.5.22",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06292F1F-4C79-4FC5-8D06-9105CF6F0EA7",
              "versionEndExcluding": "6.0.10",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en Apache HTTP Server y Tomcat 5.x anterior a 5.5.22 y 6.x anterior a 6.0.10, al usar ciertos m\u00f3dulos de proxy (mod_proxy, mod_rewrite, mod_jk), permite a atacantes remotos leer ficheros de su elecci\u00f3n mediante una secuencia .. (punto punto) con combinaciones de caracteres (1) \"/\" (barra), (2) \"\\\" (barra invertida), y (3) barra invertida con  codificaci\u00f3n de URL (%5C), los cuales son separadores v\u00e1lidos en Tomcat pero no en Apache."
    }
  ],
  "id": "CVE-2007-0450",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-16T22:19:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/24732"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25106"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25280"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26660"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27037"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28365"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30899"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30908"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33668"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/2446"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.sec-consult.com/287.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/22960"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0975"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3087"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3386"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0065"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1979/references"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0233"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/24732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/26660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/2446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.sec-consult.com/287.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/22960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1979/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-4PRH-GQW8-RGH5

Vulnerability from github – Published: 2022-05-01 17:44 – Updated: 2023-09-21 23:07

Summary

Apache Tomcat Directory Traversal

Details

Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) / (slash), (2) \ (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0"
            },
            {
              "fixed": "5.5.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0"
            },
            {
              "fixed": "6.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2007-0450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-21T23:07:55Z",
    "nvd_published_at": "2007-03-16T22:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a `..` (dot dot) sequence with combinations of (1) `/` (slash), (2) `\\` (backslash), and (3) URL-encoded backslash (`%5C`) characters in the URL, which are valid separators in Tomcat but not in Apache.",
  "id": "GHSA-4prh-gqw8-rgh5",
  "modified": "2023-09-21T23:07:55Z",
  "published": "2022-05-01T17:44:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/0c5ec5b958f1b59840ee155a23ab409755b039f6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/19ec1ccd17fbb98511bc1c12b255253c4f48b85f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/ec7ff880dbc28b313bf3a2b1914f6f0371489793"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0327.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0360.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Apache Tomcat Directory Traversal"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0450 (GCVE-0-2007-0450)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature