An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00cHJoLWdxdzgtcmdoNc2XRQ

Apache Tomcat Directory Traversal

Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) / (slash), (2) \ (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 2 months ago

Identifiers: GHSA-4prh-gqw8-rgh5, CVE-2007-0450

Affected Packages

Versions: >= 6.0, < 6.0.10, >= 5.0, < 5.5.22
Fixed in: 6.0.10, 5.5.22