Red Hat Customer Portal

CVE-2007-0450

Impact: Important
Public Date: 2007-03-14
Bugzilla: 237080: CVE-2007-0450 tomcat directory traversal

The MITRE CVE dictionary describes this issue as:

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Find out more about CVE-2007-0450 from the MITRE CVE dictionary and NIST NVD.
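The separator mismatch in the description above can be checked for on the proxy side. The following is an added example, not code from Red Hat, MITRE or the Tomcat project: it is a simplified model that assumes the front end splits paths on "/" only while the back end also splits on "\" and %5C, and it flags request targets in which a ".." segment is visible only to the back end. All function names and sample targets are hypothetical and constructed for illustration.

```python
import re

# Constructed sample request targets (not taken from any real log).
SAMPLE_TARGETS = [
    "/app/index.jsp",
    "/app/../status",
    "/app/..\\status",
    "/app/..%5cstatus?x=1",
    "/app/a..b/page",
]


def proxy_segments(path):
    """Segments as seen by a front end that treats only "/" as a separator."""
    return path.split("/")


def backend_segments(path):
    """Segments as seen by a back end that also accepts "\\" and %5C."""
    decoded = re.sub(r"%5c", lambda m: "\\", path, flags=re.IGNORECASE)
    return re.split(r"[/\\]", decoded)


def classify(target):
    """Return "clean", "traversal" or "mismatch" for one request target."""
    path = target.split("?", 1)[0]  # the query string is not part of the path
    seen_by_proxy = ".." in proxy_segments(path)
    seen_by_backend = ".." in backend_segments(path)
    if seen_by_backend and not seen_by_proxy:
        return "mismatch"   # ".." exists only under the back end's separators
    if seen_by_backend:
        return "traversal"  # plain "../" that both layers recognise
    return "clean"


def flag_mismatches(targets):
    """Targets a proxy-side filter should reject or log for review."""
    return [t for t in targets if classify(t) == "mismatch"]


if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(f"{classify(t):9} {t}")
```

Rejecting any target that contains "\" or %5C at the front end is a stricter alternative when the application never needs those characters in paths.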

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (jbossas) | RHSA-2007:0360 | 2007-05-24
Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04
Red Hat Developer Suite v.3 (AS v.4) (jakarta-commons-modeler) | RHSA-2007:0328 | 2007-05-24
Red Hat Satellite v 4.1 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2008:0261 | 2008-05-20
Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2008:0524 | 2008-06-30
Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Satellite v 4.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2008:0524 | 2008-06-30
Red Hat Satellite v 4.0 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26
Red Hat Enterprise Linux 5 | RHSA-2007:0327 | 2007-05-14
Red Hat Application Server v2 4AS (jakarta-commons-modeler) | RHSA-2007:0326 | 2007-05-21
Red Hat Application Server 3AS (tomcat5) | RHSA-2007:0340 | 2007-05-08
Red Hat Satellite v 4.1 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux version 5 | tomcat5 5.5.23-0jpp.1.0.3.el5 | Fixed
Red Hat Enterprise Linux version 5 | jakarta-commons-modeler 1.1-8jpp.1.0.2.el5 | Fixed
