CVE-2007-1860

medium

Apache

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Score

24.5%

Exploitation probability in 30 days

Top 4% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

None

Availability

None

Published: May 25, 2007 (6928 days ago)

Last Modified: April 23, 2026

Vendor: Apache

Source: NVD

Description

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

CWE

CWE-22

Affected Products

apache tomcat jk web server connector

References

🔗 docs.info.apple.com 🔗 h20000.www2.hp.com 🔗 lists.apple.com 🔗 lists.opensuse.org 🔗 secunia.com

CVE-2007-1860

Vulnerability Report

Description

CWE

Affected Products

References