Russian Vulnerability Scanner Database

Back to List

CVE-2007-0450

Scores

EPSS

0.911high91.1%
0%20%40%60%80%100%

Percentile: 91.1%

CVSS

5.0medium2.0
0246810

CVSS Score: 5.0/10

All CVSS Scores

CVSS 2.0
5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Description

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) “/” (slash), (2) “\” (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

anchore_overridesdebiannvdredhatubuntu

CWEs

CWE-22

Exploits

Exploit ID: 29739

Source: exploitdb

URL: https://www.exploit-db.com/exploits/29739

Recommendations

Source: nvd

All Tomcat users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=www-servers/tomcat-5.5.22”

URL: http://security.gentoo.org/glsa/glsa-200705-03.xml

Vulnerable Software (85)

Type: Configuration

Operating System:

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*",          "versionEndExcluding": "5.5.22",          "versionStartIncluding"...

Source: anchore_overrides

Type: Configuration

Product: ant

Operating System: rhel

Trait: 
{  "fixed": "1.6.5-1jpp_1rh"}

Source: redhat

Type: Configuration

Product: avalon-logkit

Operating System: rhel

Trait: 
{  "fixed": "1.2-2jpp_4rh"}

Source: redhat

Type: Configuration

Product: axis

Operating System: rhel

Trait: 
{  "fixed": "1.2.1-1jpp_3rh"}

Source: redhat

Type: Configuration

Product: classpathx-jaf

Operating System: rhel

Trait: 
{  "fixed": "1.0-2jpp_6rh"}

Source: redhat

Type: Configuration

Product: classpathx-mail

Operating System: rhel

Trait: 
{  "fixed": "1.1.1-2jpp_8rh"}

Source: redhat

Type: Configuration

Product: geronimo-specs

Operating System: rhel

Trait: 
{  "fixed": "1.0-0.M4.1jpp_10rh"}

Source: redhat

Type: Configuration

Product: jabberd

Operating System: rhel

Trait: 
{  "fixed": "2.0s10-3.38.rhn"}

Source: redhat

Type: Configuration

Product: jabberd

Operating System: rhel

Trait: 
{  "fixed": "2.0s10-3.37.rhn"}

Source: redhat

Type: Configuration

Product: jabberd

Operating System: rhel

Trait: 
{  "fixed": "2.0s10-3.38.rhn"}

Source: redhat

Type: Configuration

Product: jakarta-commons-modeler

Operating System: rhel

Trait: 
{  "fixed": "2.0-3jpp_2rh"}

Source: redhat

Type: Configuration

Product: jakarta-commons-modeler

Operating System: rhel

Trait: 
{  "fixed": "2.0-3jpp_3rh"}

Source: redhat

Type: Configuration

Product: jakarta-commons-modeler

Operating System: rhel 5

Trait: 
{  "fixed": "1.1-8jpp.1.0.2.el5"}

Source: redhat

Type: Configuration

Product: jakarta-commons-modeler

Operating System: rhel

Trait: 
{  "fixed": "2.0-3jpp_2rh"}

Source: redhat

Type: Configuration

Product: jakarta-commons-pool

Operating System: rhel

Trait: 
{  "fixed": "1.2-2jpp_2rh"}

Source: redhat

Type: Configuration

Product: jakarta-commons-pool

Operating System: rhel

Trait: 
{  "fixed": "1.2-2jpp_2rh"}

Source: redhat

Type: Configuration

Product: jakarta-commons-pool

Operating System: rhel

Trait: 
{  "fixed": "1.2-2jpp_2rh"}

Source: redhat

Type: Configuration

Product: jakarta-commons-pool

Operating System: rhel

Trait: 
{  "fixed": "1.2-2jpp_2rh"}

Source: redhat

Type: Configuration

Product: jakarta-commons-pool

Operating System: rhel

Trait: 
{  "fixed": "1.2-2jpp_2rh"}

Source: redhat

Type: Configuration

Product: jakarta-commons-pool

Operating System: rhel

Trait: 
{  "fixed": "1.2-2jpp_2rh"}

Source: redhat