Tomcat JK Connector May Let Remote Users Access Restricted Resources

SecurityTracker Alert ID: 1018138
SecurityTracker URL: http://securitytracker.com/id/1018138
CVE Reference: CVE-2007-1860
Date: May 30 2007
Impact: Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): mod_jk 1.2.0-1.2.22

Description:
A vulnerability was reported in Apache Tomcat JK Connector. A remote user may be able to access protected resources.
A remote user can supply a specially crafted URL to access a different (and potentially restricted) resource on Tomcat.
Impact:
A remote user may be able to access restricted resources.
Solution:
The vendor has issued a fixed version (mod_jk 1.2.23).
The Apache advisory is available at:
http://tomcat.apache.org/security-jk.html
Vendor URL: tomcat.apache.org/
Cause:
Access control error, Input validation error
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
Message History:
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Date: Wed, 30 May 2007 07:34:53 -0400
Subject: Apache Tomcat
http://tomcat.apache.org/security-jk.html
CVE-2007-1860