tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aditi Sinha <>
Subject Need help to understand CVE-2007-0450
Date Wed, 21 Nov 2012 13:40:35 GMT

We have a web server hosted on Tomcat 7.0.22.

There are two connectors defined server.xml listening at port 8080 and 8443.
During vulnerability scan a 3rd party tool reported  CVE-2007-0450 “Apache
Tomcat Directory Traversal Attack” on both ports 8080 and 8443.
The tool was able to access the Tomcat manager application with the
following URL :

As per Tomcat security documents the issue is not present in Tomcat 7.
Is there anything wrong in our web application deployment?
Any help appreciated.

Thanks & Regards,

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message