github - ghsa-4prh-gqw8-rgh5

ghsa-4prh-gqw8-rgh5

Vulnerability from github

Published

2022-05-01 17:44

Modified

2023-09-21 23:07

Summary

Apache Tomcat Directory Traversal

Details

Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) / (slash), (2) \ (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Show details on source website

JSON

To clipboard

{
   affected: [
      {
         package: {
            ecosystem: "Maven",
            name: "org.apache.tomcat:tomcat",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "5.0",
                  },
                  {
                     fixed: "5.5.22",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "Maven",
            name: "org.apache.tomcat:tomcat",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "6.0",
                  },
                  {
                     fixed: "6.0.10",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
   ],
   aliases: [
      "CVE-2007-0450",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-22",
      ],
      github_reviewed: true,
      github_reviewed_at: "2023-09-21T23:07:55Z",
      nvd_published_at: "2007-03-16T22:19:00Z",
      severity: "MODERATE",
   },
   details: "Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a `..` (dot dot) sequence with combinations of (1) `/` (slash), (2) `\\` (backslash), and (3) URL-encoded backslash (`%5C`) characters in the URL, which are valid separators in Tomcat but not in Apache.",
   id: "GHSA-4prh-gqw8-rgh5",
   modified: "2023-09-21T23:07:55Z",
   published: "2022-05-01T17:44:16Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
      },
      {
         type: "WEB",
         url: "https://github.com/apache/tomcat/commit/0c5ec5b958f1b59840ee155a23ab409755b039f6",
      },
      {
         type: "WEB",
         url: "https://github.com/apache/tomcat/commit/19ec1ccd17fbb98511bc1c12b255253c4f48b85f",
      },
      {
         type: "WEB",
         url: "https://github.com/apache/tomcat/commit/ec7ff880dbc28b313bf3a2b1914f6f0371489793",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "PACKAGE",
         url: "https://github.com/apache/tomcat",
      },
      {
         type: "WEB",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988",
      },
      {
         type: "WEB",
         url: "http://docs.info.apple.com/article.html?artnum=306172",
      },
      {
         type: "WEB",
         url: "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html",
      },
      {
         type: "WEB",
         url: "http://lists.vmware.com/pipermail/security-announce/2008/000003.html",
      },
      {
         type: "WEB",
         url: "http://security.gentoo.org/glsa/glsa-200705-03.xml",
      },
      {
         type: "WEB",
         url: "http://tomcat.apache.org/security-4.html",
      },
      {
         type: "WEB",
         url: "http://tomcat.apache.org/security-5.html",
      },
      {
         type: "WEB",
         url: "http://tomcat.apache.org/security-6.html",
      },
      {
         type: "WEB",
         url: "http://www.redhat.com/support/errata/RHSA-2007-0327.html",
      },
      {
         type: "WEB",
         url: "http://www.redhat.com/support/errata/RHSA-2007-0360.html",
      },
      {
         type: "WEB",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0261.html",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
   summary: "Apache Tomcat Directory Traversal",
}

cve-2007-0450

Vulnerability from cvelistv5

Published

2007-03-16 22:00

Modified

2024-08-07 12:19

Severity ?

Summary

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

References

▼	URL	Tags
	http://tomcat.apache.org/security-4.html	x_refsource_CONFIRM
	http://secunia.com/advisories/30908	third-party-advisory, x_refsource_SECUNIA
	http://lists.vmware.com/pipermail/security-announce/2008/000003.html	mailing-list, x_refsource_MLIST
	http://www.vupen.com/english/advisories/2007/2732	vdb-entry, x_refsource_VUPEN
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	vendor-advisory, x_refsource_SUNALERT
	http://www.vupen.com/english/advisories/2007/3087	vdb-entry, x_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/32988	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/30899	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1979/references	vdb-entry, x_refsource_VUPEN
	http://www.novell.com/linux/security/advisories/2007_5_sr.html	vendor-advisory, x_refsource_SUSE
	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	vendor-advisory, x_refsource_APPLE
	http://www.vupen.com/english/advisories/2008/0065	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/500412/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/33668	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/485938/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/500396/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/25280	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-0360.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/24732	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/0233	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/22960	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/28365	third-party-advisory, x_refsource_SECUNIA
	http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm	x_refsource_CONFIRM
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://www.sec-consult.com/287.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/3386	vdb-entry, x_refsource_VUPEN
	http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2007-0327.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/27037	third-party-advisory, x_refsource_SECUNIA
	http://docs.info.apple.com/article.html?artnum=306172	x_refsource_CONFIRM
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2007/0975	vdb-entry, x_refsource_VUPEN
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	vendor-advisory, x_refsource_HP
	http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/25159	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/26660	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-0261.html	vendor-advisory, x_refsource_REDHAT
	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-200705-03.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/25106	third-party-advisory, x_refsource_SECUNIA
	http://securityreason.com/securityalert/2446	third-party-advisory, x_refsource_SREASON
	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	x_refsource_CONFIRM
	http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/462791/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.mandriva.com/security/advisories?name=MDKSA-2007:241	vendor-advisory, x_refsource_MANDRIVA
	http://www.novell.com/linux/security/advisories/2007_15_sr.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/26235	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643	vdb-entry, signature, x_refsource_OVAL
	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T12:19:30.290Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-4.html",
               },
               {
                  name: "30908",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30908",
               },
               {
                  name: "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.vmware.com/pipermail/security-announce/2008/000003.html",
               },
               {
                  name: "ADV-2007-2732",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/2732",
               },
               {
                  name: "239312",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1",
               },
               {
                  name: "ADV-2007-3087",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/3087",
               },
               {
                  name: "tomcat-proxy-directory-traversal(32988)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988",
               },
               {
                  name: "30899",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30899",
               },
               {
                  name: "ADV-2008-1979",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1979/references",
               },
               {
                  name: "SUSE-SR:2007:005",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2007_5_sr.html",
               },
               {
                  name: "APPLE-SA-2007-07-31",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html",
               },
               {
                  name: "ADV-2008-0065",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/0065",
               },
               {
                  name: "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/500412/100/0/threaded",
               },
               {
                  name: "33668",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/33668",
               },
               {
                  name: "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/485938/100/0/threaded",
               },
               {
                  name: "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/500396/100/0/threaded",
               },
               {
                  name: "25280",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/25280",
               },
               {
                  name: "RHSA-2007:0360",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2007-0360.html",
               },
               {
                  name: "24732",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/24732",
               },
               {
                  name: "ADV-2009-0233",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/0233",
               },
               {
                  name: "22960",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/22960",
               },
               {
                  name: "28365",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/28365",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.sec-consult.com/287.html",
               },
               {
                  name: "ADV-2007-3386",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/3386",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt",
               },
               {
                  name: "RHSA-2007:0327",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2007-0327.html",
               },
               {
                  name: "27037",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/27037",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://docs.info.apple.com/article.html?artnum=306172",
               },
               {
                  name: "SSRT071447",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795",
               },
               {
                  name: "ADV-2007-0975",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/0975",
               },
               {
                  name: "HPSBUX02262",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-5.html",
               },
               {
                  name: "25159",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/25159",
               },
               {
                  name: "26660",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26660",
               },
               {
                  name: "RHSA-2008:0261",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2008-0261.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html",
               },
               {
                  name: "GLSA-200705-03",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200705-03.xml",
               },
               {
                  name: "25106",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/25106",
               },
               {
                  name: "2446",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/2446",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
               },
               {
                  name: "20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/462791/100/0/threaded",
               },
               {
                  name: "MDKSA-2007:241",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241",
               },
               {
                  name: "SUSE-SR:2007:015",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2007_15_sr.html",
               },
               {
                  name: "26235",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26235",
               },
               {
                  name: "oval:org.mitre.oval:def:10643",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-03-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-13T16:10:18",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-4.html",
            },
            {
               name: "30908",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30908",
            },
            {
               name: "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.vmware.com/pipermail/security-announce/2008/000003.html",
            },
            {
               name: "ADV-2007-2732",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/2732",
            },
            {
               name: "239312",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1",
            },
            {
               name: "ADV-2007-3087",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/3087",
            },
            {
               name: "tomcat-proxy-directory-traversal(32988)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988",
            },
            {
               name: "30899",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30899",
            },
            {
               name: "ADV-2008-1979",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1979/references",
            },
            {
               name: "SUSE-SR:2007:005",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2007_5_sr.html",
            },
            {
               name: "APPLE-SA-2007-07-31",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html",
            },
            {
               name: "ADV-2008-0065",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/0065",
            },
            {
               name: "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/500412/100/0/threaded",
            },
            {
               name: "33668",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/33668",
            },
            {
               name: "20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/485938/100/0/threaded",
            },
            {
               name: "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/500396/100/0/threaded",
            },
            {
               name: "25280",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/25280",
            },
            {
               name: "RHSA-2007:0360",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2007-0360.html",
            },
            {
               name: "24732",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/24732",
            },
            {
               name: "ADV-2009-0233",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/0233",
            },
            {
               name: "22960",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/22960",
            },
            {
               name: "28365",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/28365",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.sec-consult.com/287.html",
            },
            {
               name: "ADV-2007-3386",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/3386",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt",
            },
            {
               name: "RHSA-2007:0327",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2007-0327.html",
            },
            {
               name: "27037",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/27037",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://docs.info.apple.com/article.html?artnum=306172",
            },
            {
               name: "SSRT071447",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795",
            },
            {
               name: "ADV-2007-0975",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/0975",
            },
            {
               name: "HPSBUX02262",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-5.html",
            },
            {
               name: "25159",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/25159",
            },
            {
               name: "26660",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26660",
            },
            {
               name: "RHSA-2008:0261",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2008-0261.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html",
            },
            {
               name: "GLSA-200705-03",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200705-03.xml",
            },
            {
               name: "25106",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/25106",
            },
            {
               name: "2446",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/2446",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
            },
            {
               name: "20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/462791/100/0/threaded",
            },
            {
               name: "MDKSA-2007:241",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241",
            },
            {
               name: "SUSE-SR:2007:015",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2007_15_sr.html",
            },
            {
               name: "26235",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26235",
            },
            {
               name: "oval:org.mitre.oval:def:10643",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10643",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2007-0450",
      datePublished: "2007-03-16T22:00:00",
      dateReserved: "2007-01-23T00:00:00",
      dateUpdated: "2024-08-07T12:19:30.290Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted