hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动
文件
df455d7fb554c693cc4ff853ff46b7b8a75fd748
websafe-kb/08-threat-intel/registry/advisories/apache-httpd--CVE-2007-1860.json

98 行
4.4 KiB
JSON
原始文件 Blame 文件历史

{
"canonical_id": "apache-httpd--CVE-2007-1860",
"system_id": "apache-httpd",
"display_name": "Apache HTTP Server",
"category": "servers",
"advisory_mode": "server",
"title": "CVE-2007-1860",
"summary": "mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.",
"published_at": "2007-05-25T18:30:00.000",
"updated_at": "2025-04-09T00:30:58.490",
"severity": "medium",
"cvss_score": 5.0,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "http://docs.info.apple.com/article.html?artnum=306172",
"secondary_source_urls": [
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795",
"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html",
"http://secunia.com/advisories/25383",
"http://secunia.com/advisories/25701",
"http://secunia.com/advisories/26235",
"http://secunia.com/advisories/26512",
"http://secunia.com/advisories/27037",
"http://secunia.com/advisories/29242",
"http://security.gentoo.org/glsa/glsa-200708-15.xml",
"http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1",
"http://tomcat.apache.org/security-jk.html",
"http://www.debian.org/security/2007/dsa-1312",
"http://www.osvdb.org/34877",
"http://www.redhat.com/support/errata/RHSA-2007-0379.html",
"http://www.redhat.com/support/errata/RHSA-2008-0261.html",
"http://www.securityfocus.com/bid/24147",
"http://www.securityfocus.com/bid/25159",
"http://www.securitytracker.com/id?1018138",
"http://www.vupen.com/english/advisories/2007/1941",
"http://www.vupen.com/english/advisories/2007/2732",
"http://www.vupen.com/english/advisories/2007/3386",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34496",
"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002"
],
"aliases": [
"CVE-2007-1860"
],
"cve_ids": [
"CVE-2007-1860"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"request-smuggling-boundary",
"proxy-trust-boundary",
"path-traversal-guard"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "official-image",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Apache HTTP Server"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}
在新工单中引用 查看 Git Blame 复制永久链接