Definition


Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

oval:org.mitre.oval:def:10643

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
  • Oracle Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2007-0450
Product(s):