Oval Definition:oval:org.opensuse.security:def:20070450
Revision Date:2015-11-16Version:1
Title:CVE-2007-0450
Description:
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2007-0450
Platform(s):Open Enterprise Server
openSUSE 10.2
SUSE CORE 9 for AMD64 and Intel EM64T
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for Itanium Processor Family
SUSE CORE 9 for x86
SUSE LINUX 10.0
SUSE LINUX 10.1
SUSE LINUX 9.3
Product(s):
Definition Synopsis
  • Release Information
  • sles9-oes is installed
  • AND jakarta-tomcat less than 5.0.19-29.5
  • OR Package Information
  • suse100 is installed
  • tomcat5-admin-webapps less than 5.0.30-10
  • OR tomcat5-webapps less than 5.0.30-10
  • OR tomcat5 less than 5.0.30-10
  • OR
  • suse101 is installed
  • tomcat5-admin-webapps less than 5.0.30-27.14
  • OR tomcat5-webapps less than 5.0.30-27.14
  • OR tomcat5 less than 5.0.30-27.14
  • OR Package Information
  • suse100 is installed
  • tomcat5-admin-webapps less than 5.0.30-8
  • OR tomcat5-webapps less than 5.0.30-8
  • OR tomcat5 less than 5.0.30-8
  • OR
  • suse101 is installed
  • tomcat5-admin-webapps less than 5.0.30-27.5.3
  • OR tomcat5-webapps less than 5.0.30-27.5.3
  • OR tomcat5 less than 5.0.30-27.5.3
  • OR
  • suse93 is installed
  • tomcat5-admin-webapps less than 5.0.30-4.3
  • OR tomcat5-webapps less than 5.0.30-4.3
  • OR tomcat5 less than 5.0.30-4.3
    • BACK