cpe:/a:apache:http_server:- cpe:/a:apache:tomcat:5.0.0 cpe:/a:apache:tomcat:5.0.1 cpe:/a:apache:tomcat:5.0.2 cpe:/a:apache:tomcat:5.0.3 cpe:/a:apache:tomcat:5.0.4 cpe:/a:apache:tomcat:5.0.5 cpe:/a:apache:tomcat:5.0.6 cpe:/a:apache:tomcat:5.0.7 cpe:/a:apache:tomcat:5.0.8 cpe:/a:apache:tomcat:5.0.9 cpe:/a:apache:tomcat:5.0.10 cpe:/a:apache:tomcat:5.0.11 cpe:/a:apache:tomcat:5.0.12 cpe:/a:apache:tomcat:5.0.13 cpe:/a:apache:tomcat:5.0.14 cpe:/a:apache:tomcat:5.0.15 cpe:/a:apache:tomcat:5.0.16 cpe:/a:apache:tomcat:5.0.17 cpe:/a:apache:tomcat:5.0.18 cpe:/a:apache:tomcat:5.0.19 cpe:/a:apache:tomcat:5.0.21 cpe:/a:apache:tomcat:5.0.22 cpe:/a:apache:tomcat:5.0.23 cpe:/a:apache:tomcat:5.0.24 cpe:/a:apache:tomcat:5.0.25 cpe:/a:apache:tomcat:5.0.26 cpe:/a:apache:tomcat:5.0.27 cpe:/a:apache:tomcat:5.0.28 cpe:/a:apache:tomcat:5.0.29 cpe:/a:apache:tomcat:5.0.30 cpe:/a:apache:tomcat:5.5.0 cpe:/a:apache:tomcat:5.5.1 cpe:/a:apache:tomcat:5.5.2 cpe:/a:apache:tomcat:5.5.3 cpe:/a:apache:tomcat:5.5.4 cpe:/a:apache:tomcat:5.5.5 cpe:/a:apache:tomcat:5.5.6 cpe:/a:apache:tomcat:5.5.7 cpe:/a:apache:tomcat:5.5.8 cpe:/a:apache:tomcat:5.5.9 cpe:/a:apache:tomcat:5.5.10 cpe:/a:apache:tomcat:5.5.11 cpe:/a:apache:tomcat:5.5.12 cpe:/a:apache:tomcat:5.5.13 cpe:/a:apache:tomcat:5.5.14 cpe:/a:apache:tomcat:5.5.15 cpe:/a:apache:tomcat:5.5.16 cpe:/a:apache:tomcat:5.5.17 cpe:/a:apache:tomcat:5.5.18 cpe:/a:apache:tomcat:5.5.19 cpe:/a:apache:tomcat:5.5.20 cpe:/a:apache:tomcat:5.5.21 cpe:/a:apache:tomcat:6.0.0 cpe:/a:apache:tomcat:6.0.0:alpha cpe:/a:apache:tomcat:6.0.1 cpe:/a:apache:tomcat:6.0.1:alpha cpe:/a:apache:tomcat:6.0.2 cpe:/a:apache:tomcat:6.0.2:alpha cpe:/a:apache:tomcat:6.0.2:beta cpe:/a:apache:tomcat:6.0.3 cpe:/a:apache:tomcat:6.0.4 cpe:/a:apache:tomcat:6.0.4:alpha cpe:/a:apache:tomcat:6.0.5 cpe:/a:apache:tomcat:6.0.6 cpe:/a:apache:tomcat:6.0.6:alpha cpe:/a:apache:tomcat:6.0.7 cpe:/a:apache:tomcat:6.0.7:alpha cpe:/a:apache:tomcat:6.0.7:beta cpe:/a:apache:tomcat:6.0.8 cpe:/a:apache:tomcat:6.0.8:alpha cpe:/a:apache:tomcat:6.0.9 cpe:/a:apache:tomcat:6.0.9:beta CVE-2007-0450 2007-03-16T18:19:00.000-04:00 2019-03-25T07:29:11.363-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2018-10-17T15:00:04.403-04:00 BUGTRAQ 20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal BUGTRAQ 20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 BUGTRAQ 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities BUGTRAQ 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) BID 22960 SUNALERT 239312 SREASON 2446 SECUNIA 24732 SECUNIA 25106 BID 25159 SECUNIA 25280 SECUNIA 26235 SECUNIA 26660 SECUNIA 27037 SECUNIA 28365 SECUNIA 30899 SECUNIA 30908 SECUNIA 33668 VUPEN ADV-2007-0975 VUPEN ADV-2007-2732 VUPEN ADV-2007-3087 VUPEN ADV-2007-3386 VUPEN ADV-2008-0065 VUPEN ADV-2008-1979 VUPEN ADV-2009-0233 APPLE APPLE-SA-2007-07-31 GENTOO GLSA-200705-03 HP HPSBUX02262 MANDRIVA MDKSA-2007:241 REDHAT RHSA-2007:0327 REDHAT RHSA-2007:0360 REDHAT RHSA-2008:0261 HP SSRT071447 SUSE SUSE-SR:2007:005 SUSE SUSE-SR:2007:015 MLIST [Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 MLIST [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ CONFIRM http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx CONFIRM http://docs.info.apple.com/article.html?artnum=306172 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm CONFIRM http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 CONFIRM http://tomcat.apache.org/security-4.html CONFIRM http://tomcat.apache.org/security-5.html CONFIRM http://tomcat.apache.org/security-6.html CONFIRM http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html MISC http://www.sec-consult.com/287.html MISC http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt XF tomcat-proxy-directory-traversal(32988) Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.