CVE-2007-0450

Published: 16 March 2007

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Priority

Unknown

Status

Package                                  Release    Status
tomcat5 (Launchpad, Ubuntu, Debian)      Upstream   Needs triage
tomcat5.5 (Launchpad, Ubuntu, Debian)    Upstream   Needs triage