Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDD9405748-1342-11DC-A35C-001485AB073E
HistoryMay 18, 2007 - 12:00 a.m.

mod_jk -- information disclosure

2007-05-1800:00:00
vuxml.freebsd.org
13

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.1%

JSON

Kazu Nambo reports:

URL decoding the the Apache webserver prior to
decoding in the Tomcat server could pypass access
control rules and give access to pages on a different
AJP by sending a crafted URL.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmod_jk< 1.2.23,1UNKNOWN
FreeBSDanynoarchmod_jk-ap2< 1.2.23UNKNOWN

Related

openvas 10
debian 1
nessus 10
redhat 4
gentoo 1
tomcat 3
debiancve 1
prion 1
cve 1
ubuntucve 1
securityvulns 1
seebug 1
openvas
openvas
Gentoo Security Advisory GLSA 200708-15 (mod_jk)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-1312-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200708-15 (mod_jk)
2008-09-24 00:00:00
debian
debian
[SECURITY] [DSA 1312-1] New libapache-mod-jk packages fix information disclosure
2007-06-17 23:26:28
nessus
nessus
FreeBSD : mod_jk -- information disclosure (d9405748-1342-11dc-a35c-001485ab073e)
2007-06-05 00:00:00
Debian DSA-1312-1 : libapache-mod-jk - programming error
2007-06-21 00:00:00
GLSA-200708-15 : Apache mod_jk: Directory traversal
2007-08-21 00:00:00
redhat
redhat
(RHSA-2007:0379) Important: mod_jk security update
2007-05-30 00:00:00
(RHSA-2007:0380) Important: mod_jk security update
2007-05-30 00:00:00
(RHSA-2008:0524) Low: Red Hat Network Satellite Server security update
2008-06-30 00:00:00
gentoo
gentoo
Apache mod_jk: Directory traversal
2007-08-19 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.22, 5.0.SVN
2007-01-23 00:00:00
Fixed in Apache Tomcat JK Connector 1.2.23
2007-01-23 00:00:00
Fixed in Apache Tomcat 4.1.36
2005-06-30 00:00:00
debiancve
debiancve
CVE-2007-1860
2007-05-25 18:30:00
prion
prion
Directory traversal
2007-05-25 18:30:00
cve
cve
CVE-2007-1860
2007-05-25 18:30:00
ubuntucve
ubuntucve
CVE-2007-1860
2007-05-25 00:00:00
securityvulns
securityvulns
Apache Tomcat directory traversal
2007-03-14 00:00:00
seebug
seebug
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.1%

JSON
Related for D9405748-1342-11DC-A35C-001485AB073E
openvas10debian1nessus10redhat4gentoo1tomcat3debiancve1prion1cve1ubuntucve1securityvulns1seebug1