5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.973 High
EPSS
Percentile
99.8%
Important: Directory traversal CVE-2007-0450
The fix for this issue was insufficient. A fix was also required in the JK connector module for httpd. See CVE-2007-1860 for further information.
Tomcat permits '', ‘%2F’ and ‘%5C’ as path delimiters. When Tomcat is used behind a proxy (including, but not limited to, Apache HTTP server with mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP request containing strings like “/\…/” may allow attackers to work around the context restriction of the proxy, and access the non-proxied contexts.
The following Java system properties have been added to Tomcat to provide additional control of the handling of path delimiters in URLs (both options default to false):
Due to the impossibility to guarantee that all URLs are handled by Tomcat as they are in proxy servers, Tomcat should always be secured as if no proxy restricting context access was used.
Affects: 5.0.0-5.0.30, 5.5.0-5.5.21
CPE | Name | Operator | Version |
---|---|---|---|
apache tomcat | ge | 5.0.0 | |
apache tomcat | le | 5.0.30 | |
apache tomcat | ge | 5.5.0 | |
apache tomcat | le | 5.5.21 |