FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_jk -- information disclosure

Affected packages
mod_jk < 1.2.23,1
mod_jk-ap2 < 1.2.23

Details

VuXML ID d9405748-1342-11dc-a35c-001485ab073e
Discovery 2007-05-18
Entry 2007-06-05
Modified 2007-10-31

Kazu Nambo reports:

URL decoding in the Apache webserver prior to decoding in the Tomcat server could bypass access control rules and give access to pages on a different AJP by sending a crafted URL.

References

CVE Name CVE-2007-1860
URL http://secunia.com/advisories/25383/
URL http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1
URL http://tomcat.apache.org/security-jk.html