JVN/CVE Demo: Cveinfos

CVE

Id: 23807
CVE No.: CVE-2007-0450
Status: Candidate
Description: Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
Phase: Assigned (20070123)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
231258	23807	CVE-2007-0450	BUGTRAQ:20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1	View
231259	23807	CVE-2007-0450	URL:http://www.securityfocus.com/archive/1/archive/1/485938/100/0/threaded	View
231260	23807	CVE-2007-0450	BUGTRAQ:20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)	View
231261	23807	CVE-2007-0450	URL:http://www.securityfocus.com/archive/1/archive/1/500412/100/0/threaded	View
231262	23807	CVE-2007-0450	BUGTRAQ:20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities	View
231263	23807	CVE-2007-0450	URL:http://www.securityfocus.com/archive/1/archive/1/500396/100/0/threaded	View
231264	23807	CVE-2007-0450	MLIST:[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1	View
231265	23807	CVE-2007-0450	URL:http://lists.vmware.com/pipermail/security-announce/2008/000003.html	View
231266	23807	CVE-2007-0450	CONFIRM:http://tomcat.apache.org/security-4.html	View
231267	23807	CVE-2007-0450	CONFIRM:http://tomcat.apache.org/security-5.html	View
231268	23807	CVE-2007-0450	CONFIRM:http://tomcat.apache.org/security-6.html	View
231269	23807	CVE-2007-0450	CONFIRM:http://docs.info.apple.com/article.html?artnum=306172	View
231270	23807	CVE-2007-0450	CONFIRM:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html	View
231271	23807	CVE-2007-0450	CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm	View
231272	23807	CVE-2007-0450	CONFIRM:http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	View
231273	23807	CVE-2007-0450	CONFIRM:http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	View
231274	23807	CVE-2007-0450	APPLE:APPLE-SA-2007-07-31	View
231275	23807	CVE-2007-0450	URL:http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	View
231276	23807	CVE-2007-0450	GENTOO:GLSA-200705-03	View
231277	23807	CVE-2007-0450	URL:http://security.gentoo.org/glsa/glsa-200705-03.xml	View
231278	23807	CVE-2007-0450	HP:HPSBUX02262	View
231279	23807	CVE-2007-0450	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	View
231280	23807	CVE-2007-0450	HP:SSRT071447	View
231281	23807	CVE-2007-0450	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	View
231282	23807	CVE-2007-0450	MANDRIVA:MDKSA-2007:241	View
231283	23807	CVE-2007-0450	URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:241	View
231284	23807	CVE-2007-0450	REDHAT:RHSA-2007:0327	View
231285	23807	CVE-2007-0450	URL:http://www.redhat.com/support/errata/RHSA-2007-0327.html	View
231286	23807	CVE-2007-0450	REDHAT:RHSA-2007:0360	View
231287	23807	CVE-2007-0450	URL:http://www.redhat.com/support/errata/RHSA-2007-0360.html	View
231288	23807	CVE-2007-0450	REDHAT:RHSA-2008:0261	View
231289	23807	CVE-2007-0450	URL:http://www.redhat.com/support/errata/RHSA-2008-0261.html	View
231290	23807	CVE-2007-0450	SUNALERT:239312	View
231291	23807	CVE-2007-0450	URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	View
231292	23807	CVE-2007-0450	SUSE:SUSE-SR:2007:005	View
231293	23807	CVE-2007-0450	URL:http://www.novell.com/linux/security/advisories/2007_5_sr.html	View
231294	23807	CVE-2007-0450	SUSE:SUSE-SR:2007:015	View
231295	23807	CVE-2007-0450	URL:http://www.novell.com/linux/security/advisories/2007_15_sr.html	View
231296	23807	CVE-2007-0450	BID:22960	View
231297	23807	CVE-2007-0450	URL:http://www.securityfocus.com/bid/22960	View
231298	23807	CVE-2007-0450	BUGTRAQ:20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal	View
231299	23807	CVE-2007-0450	URL:http://www.securityfocus.com/archive/1/archive/1/462791/100/0/threaded	View
231300	23807	CVE-2007-0450	MISC:http://www.sec-consult.com/287.html	View
231301	23807	CVE-2007-0450	MISC:http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt	View
231302	23807	CVE-2007-0450	BID:25159	View
231303	23807	CVE-2007-0450	URL:http://www.securityfocus.com/bid/25159	View
231304	23807	CVE-2007-0450	OVAL:oval:org.mitre.oval:def:10643	View
231305	23807	CVE-2007-0450	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10643	View
231306	23807	CVE-2007-0450	VUPEN:ADV-2007-0975	View
231307	23807	CVE-2007-0450	URL:http://www.vupen.com/english/advisories/2007/0975	View
231308	23807	CVE-2007-0450	VUPEN:ADV-2007-2732	View
231309	23807	CVE-2007-0450	URL:http://www.vupen.com/english/advisories/2007/2732	View
231310	23807	CVE-2007-0450	VUPEN:ADV-2007-3087	View
231311	23807	CVE-2007-0450	URL:http://www.vupen.com/english/advisories/2007/3087	View
231312	23807	CVE-2007-0450	VUPEN:ADV-2007-3386	View
231313	23807	CVE-2007-0450	URL:http://www.vupen.com/english/advisories/2007/3386	View
231314	23807	CVE-2007-0450	VUPEN:ADV-2008-0065	View
231315	23807	CVE-2007-0450	URL:http://www.vupen.com/english/advisories/2008/0065	View
231316	23807	CVE-2007-0450	VUPEN:ADV-2008-1979	View
231317	23807	CVE-2007-0450	URL:http://www.vupen.com/english/advisories/2008/1979/references	View
231318	23807	CVE-2007-0450	VUPEN:ADV-2009-0233	View
231319	23807	CVE-2007-0450	URL:http://www.vupen.com/english/advisories/2009/0233	View
231320	23807	CVE-2007-0450	SECUNIA:24732	View
231321	23807	CVE-2007-0450	URL:http://secunia.com/advisories/24732	View
231322	23807	CVE-2007-0450	SECUNIA:25106	View
231323	23807	CVE-2007-0450	URL:http://secunia.com/advisories/25106	View
231324	23807	CVE-2007-0450	SECUNIA:25280	View
231325	23807	CVE-2007-0450	URL:http://secunia.com/advisories/25280	View
231326	23807	CVE-2007-0450	SECUNIA:26235	View
231327	23807	CVE-2007-0450	URL:http://secunia.com/advisories/26235	View
231328	23807	CVE-2007-0450	SECUNIA:26660	View
231329	23807	CVE-2007-0450	URL:http://secunia.com/advisories/26660	View
231330	23807	CVE-2007-0450	SECUNIA:27037	View
231331	23807	CVE-2007-0450	URL:http://secunia.com/advisories/27037	View
231332	23807	CVE-2007-0450	SECUNIA:28365	View
231333	23807	CVE-2007-0450	URL:http://secunia.com/advisories/28365	View
231334	23807	CVE-2007-0450	SECUNIA:30908	View
231335	23807	CVE-2007-0450	URL:http://secunia.com/advisories/30908	View
231336	23807	CVE-2007-0450	SECUNIA:30899	View
231337	23807	CVE-2007-0450	URL:http://secunia.com/advisories/30899	View
231338	23807	CVE-2007-0450	SECUNIA:33668	View
231339	23807	CVE-2007-0450	URL:http://secunia.com/advisories/33668	View
231340	23807	CVE-2007-0450	SREASON:2446	View
231341	23807	CVE-2007-0450	URL:http://securityreason.com/securityalert/2446	View
231342	23807	CVE-2007-0450	XF:tomcat-proxy-directory-traversal(32988)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
51458	JVNDB-2007-000120	Samba の smbd におけるサービス運用妨害 (DoS) の脆弱性	Samba の smbd には、クライアントからのリクエストを保存するキューの処理に不備が存在するため、特定の状況下でファイルがリネームされた場合、キュー内のリクエストが正常に削除されずに無限ループが発生する脆弱性が存在します。	CVE-2007-0452	23807	6.8		http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000120.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.38 MB
View render complete	2.92 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.73
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	437.10
Event: Controller.beforeRender	4.68
» Processing toolbar data	4.59
Rendering View	24.50
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	23.39
» Event: View.afterRender	0.03
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.64
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.10
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/23807
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/23807
Remote Port	53556
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.148
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.78.197
Http Via	1.1 squid-proxy-5b5d847c96-v2jzj (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.148
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.148
Unique Id	aFEYcqvA8t9os3QU0OeoeAAAAMA
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.148
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.148
Redirect Unique Id	aFEYcqvA8t9os3QU0OeoeAAAAMA
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.148
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.148
Redirect Redirect Unique Id	aFEYcqvA8t9os3QU0OeoeAAAAMA
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1750145138.2009
Request Time	1750145138

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files