CVE-2007-0450 — Apache Tomcat Directory Traversal

Description

Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a `..` (dot dot) sequence with combinations of (1) `/` (slash), (2) `\` (backslash), and (3) URL-encoded backslash (`%5C`) characters in the URL, which are valid separators in Tomcat but not in Apache.

How to fix CVE-2007-0450

To remediate CVE-2007-0450, upgrade the affected package to a fixed version below.

Maven/org.apache.tomcat:tomcat—upgrade to 5.5.22 or later

Is CVE-2007-0450 being exploited?

Likely — EPSS is 90.5%, placing CVE-2007-0450 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

>= 5.0, < 5.5.22

References (34)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2007-0450
PATCHgithub.com/apache/tomcat
WEBdocs.info.apple.com/article.html?artnum=306172
WEBlists.apple.com/archives/security-announce//2007/Jul/msg00004.html
WEB