mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
http://docs.info.apple.com/article.html?artnum=306172
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/25383
http://secunia.com/advisories/25701
http://secunia.com/advisories/26235
http://secunia.com/advisories/26512
http://secunia.com/advisories/27037
http://secunia.com/advisories/29242
http://security.gentoo.org/glsa/glsa-200708-15.xml
http://tomcat.apache.org/connectors-doc/news/20070301.html#20070518.1
http://tomcat.apache.org/security-jk.html
http://www.debian.org/security/2007/dsa-1312
http://www.redhat.com/support/errata/RHSA-2007-0379.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/bid/24147
http://www.securityfocus.com/bid/25159
http://www.securitytracker.com/id?1018138
http://www.vupen.com/english/advisories/2007/1941
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3386
https://exchange.xforce.ibmcloud.com/vulnerabilities/34496
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6002