CVE-2007-5461
EPSS 6.3%Apache Tomcat Path Traversal Vulnerability
Published: 5/1/2022Modified: 1/8/2024
Description
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Affected packages (1)
- Maven/org.apache.tomcat:tomcat>= 4.0.0, <= 4.0.6
References (35)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2007-5461
- WEBhttp://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
- WEBhttp://issues.apache.org/jira/browse/GERONIMO-3549
- WEBhttp://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- WEBhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- WEBhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- WEBhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- WEBhttp://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%[email protected]%3E
- WEBhttp://marc.info/?l=bugtraq&m=139344343412337&w=2
- WEBhttp://marc.info/?l=full-disclosure&m=119239530508382
- WEBhttp://rhn.redhat.com/errata/RHSA-2008-0630.html
- WEBhttp://security.gentoo.org/glsa/glsa-200804-10.xml
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/37243
- WEBhttps://github.com/apache/tomcat
- WEBhttps://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c
- WEBhttps://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d
- WEBhttps://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
- WEBhttp://support.apple.com/kb/HT2163
- WEBhttp://support.apple.com/kb/HT3216
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
- WEBhttp://tomcat.apache.org/security-4.html
- WEBhttp://tomcat.apache.org/security-5.html
- WEBhttp://tomcat.apache.org/security-6.html
- WEBhttp://www.debian.org/security/2008/dsa-1447
- WEBhttp://www.debian.org/security/2008/dsa-1453
- WEBhttp://www.redhat.com/support/errata/RHSA-2008-0042.html
- WEBhttp://www.redhat.com/support/errata/RHSA-2008-0195.html
- WEBhttp://www.redhat.com/support/errata/RHSA-2008-0261.html
- WEBhttp://www.redhat.com/support/errata/RHSA-2008-0862.html