Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9p71-wr2h-4qdp
Vulnerability ID VCID-9p71-wr2h-4qdp
Aliases CVE-2007-1860
Summary A directory traversal vulnerability has been discovered in Apache mod_jk.
Status Published
Exploitability 0.5
Weighted Severity 4.5
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
System Score Found at
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2007-1860
Reference id Reference type URL
http://docs.info.apple.com/article.html?artnum=306172
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1860.json
https://api.first.org/data/v1/epss?cve=CVE-2007-1860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860
http://secunia.com/advisories/25383
http://secunia.com/advisories/25701
http://secunia.com/advisories/26235
http://secunia.com/advisories/26512
http://secunia.com/advisories/27037
http://secunia.com/advisories/29242
http://security.gentoo.org/glsa/glsa-200708-15.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/34496
https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002
http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1
http://tomcat.apache.org/security-jk.html
http://www.debian.org/security/2007/dsa-1312
http://www.osvdb.org/34877
http://www.redhat.com/support/errata/RHSA-2007-0379.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/bid/24147
http://www.securityfocus.com/bid/25159
http://www.securitytracker.com/id?1018138
http://www.vupen.com/english/advisories/2007/1941
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3386
237656 https://bugzilla.redhat.com/show_bug.cgi?id=237656
425836 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425836
cpe:2.3:a:apache:tomcat_jk_web_server_connector:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat_jk_web_server_connector:*:*:*:*:*:*:*:*
CVE-2007-1860 https://nvd.nist.gov/vuln/detail/CVE-2007-1860
GLSA-200708-15 https://security.gentoo.org/glsa/200708-15
RHSA-2007:0379 https://access.redhat.com/errata/RHSA-2007:0379
RHSA-2007:0380 https://access.redhat.com/errata/RHSA-2007:0380
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2007-1860
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.96081
EPSS Score 0.24507
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:10:21.136968+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/200708-15 38.0.0