
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0380

The remote host is missing updates announced in
advisory RHSA-2007:0380.

mod_jk is a Tomcat connector that can be used to communicate between Tomcat
and the Apache HTTP Server 2.

Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content (CVE-2007-1860).

Users of mod_jk should upgrade to these updated packages, which address
this issue by changing the default so mod_jk forwards the original
unchanged request URL to Tomcat.
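
The double decoding described above leaves a trace in access logs: a request path that changes again when it is URL-decoded a second time. The following Python check is an added example, not part of the advisory or of mod_jk; the function names are hypothetical, the log lines are constructed, and it assumes common log format with the raw request line recorded.

```python
import re
from urllib.parse import unquote, urlsplit

# Matches the quoted request line of a common/combined log format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode_layers(raw_path):
    """Return the path as seen after one decode and after a second decode.

    With mod_jk before 1.2.23 the front end matched contexts on one decoded
    form while Tomcat decoded again, so the two layers could disagree.
    """
    first = unquote(raw_path)
    second = unquote(first)
    return first, second


def flag_double_encoded(log_lines):
    """Return (raw, first_decode, second_decode) for paths that decode twice."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        raw_path = urlsplit(match.group("target")).path  # ignore query string
        first, second = decode_layers(raw_path)
        if first != second:
            # A second pass changed the path: escapes survived the first one.
            # A legitimately encoded literal '%' followed by two hex digits
            # also lands here, so treat hits as leads for review.
            findings.append((raw_path, first, second))
    return findings


# Constructed sample entries (documentation addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2007:10:00:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jun/2007:10:00:05 +0000] "GET /app/my%20report.jsp HTTP/1.1" 200 734',
    '192.0.2.12 - - [01/Jun/2007:10:00:09 +0000] "GET /app/a%252Fb.jsp?x=1 HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for raw, first, second in flag_double_encoded(SAMPLE_LOG):
        print(f"raw={raw} first_decode={first} second_decode={second}")
```

Only the third constructed entry is reported: its path reads `/app/a%2Fb.jsp` after one decode and `/app/a/b.jsp` after two, which is the kind of disagreement between the two layers that the updated default removes.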

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1860
BugTraq ID: 24147
BugTraq ID: 25159
Debian Security Information: DSA-1312
HPdes Security Advisory: HPSBUX02262
HPdes Security Advisory: SSRT071447
SuSE Security Announcement: SUSE-SR:2008:005
XForce ISS Database: tomcat-jkconnector-security-bypass(34496)
Copyright: Copyright (c) 2007 E-Soft Inc.
