Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-f5mx-3ftb-ykhz
Vulnerability ID VCID-f5mx-3ftb-ykhz
Aliases CVE-2007-1860
Summary mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
Status Published
Exploitability 0.5
Weighted Severity 0.2
Risk 0.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
epss 0.24507 https://api.first.org/data/v1/epss?cve=CVE-2007-1860
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1860.json
https://api.first.org/data/v1/epss?cve=CVE-2007-1860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860
237656 https://bugzilla.redhat.com/show_bug.cgi?id=237656
425836 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425836
GLSA-200708-15 https://security.gentoo.org/glsa/200708-15
RHSA-2007:0379 https://access.redhat.com/errata/RHSA-2007:0379
RHSA-2007:0380 https://access.redhat.com/errata/RHSA-2007:0380
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.96219
EPSS Score 0.24507
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:40:00.624850+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0