Information disclosure in Apache Tomcat JK ISAPI Connector - CVE-2007-1860
Published: October 7, 2016
Vulnerability identifier: #VU798
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2007-1860
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apache Foundation
Affected software:
Apache Tomcat JK ISAPI Connector
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to obtain potentially sensitive information on the target system.
The weakness is caused by an access control flaw that may occur when the request URL is decoded repeatedly by multiple components (firewalls, caches, proxies and Tomcat), and allows an attacker to read the responses to valid users' requests.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
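The following is an added illustration of the access-control hazard the description refers to; it is not code from Apache Tomcat or the JK connector. It models two components that each percent-decode the request path once: an access check applied after the first decode does not see the path the backend finally serves, so a nested-encoded path can slip past a prefix rule. The `PROTECTED_PREFIXES` policy and the sample paths are constructed for the example; the hardened check shows the two defensive options (reject double-encoded requests, and evaluate policy on the canonical form) that remove the mismatch.

```python
"""Simplified model of repeated URL decoding across components (constructed
example, not Apache code): why an access check must run on the same decoded
form the backend uses, and how to detect nested percent-encoding."""
from urllib.parse import unquote

# Constructed sample policy: paths under this prefix require authorization.
PROTECTED_PREFIXES = ("/admin/",)
# Upper bound on decode rounds so canonicalization always terminates.
MAX_DECODE_ROUNDS = 3


def decode_once(path: str) -> str:
    """One round of percent-decoding, as a single component would perform."""
    return unquote(path)


def canonicalize(path: str) -> str:
    """Decode until the path stops changing (bounded), yielding the form that
    any downstream decoder would also arrive at."""
    current = path
    for _ in range(MAX_DECODE_ROUNDS):
        nxt = decode_once(current)
        if nxt == current:
            return current
        current = nxt
    return current


def is_double_encoded(path: str) -> bool:
    """True when a second decode pass still changes the path, i.e. the request
    carried nested percent-encoding that components will interpret differently."""
    once = decode_once(path)
    return decode_once(once) != once


def naive_check(path: str) -> bool:
    """Flawed layering: policy evaluated on the once-decoded path only.
    Returns True if the request would be allowed through."""
    return not decode_once(path).startswith(PROTECTED_PREFIXES)


def hardened_check(path: str) -> bool:
    """Reject double-encoded requests outright, then evaluate policy on the
    canonical path so front and backend agree on what is being accessed."""
    if is_double_encoded(path):
        return False
    return not canonicalize(path).startswith(PROTECTED_PREFIXES)


if __name__ == "__main__":
    # Constructed sample requests: a public page, a protected page, and the
    # protected page with one character encoded twice.
    for p in ("/app/index.jsp", "/admin/config", "/%2561dmin/config"):
        print(f"{p:20} naive_allows={naive_check(p)!s:5} "
              f"hardened_allows={hardened_check(p)!s:5} backend_sees={canonicalize(p)}")
```

Running the block shows the nested-encoded request passing `naive_check` while the backend resolves it to the protected path; `hardened_check` refuses it. In a deployment the equivalent fix is to have every component decode exactly once and to apply access rules on the fully normalized path, which is what the connector update addresses.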
How to mitigate CVE-2007-1860
Update to version 1.2.23.