CVE-2007-5461

Published: Oct 15, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

DSA-1453

vendor-advisory

x_refsource_DEBIAN

http://tomcat.apache.org/security-4.html

x_refsource_CONFIRM

30908

third-party-advisory

x_refsource_SECUNIA

http://support.apple.com/kb/HT2163

x_refsource_CONFIRM

[tomcat-users] 20071015 [Security] - Important vulnerability disclosed in Apache Tomcat webdav servlet

mailing-list

x_refsource_MLIST

26070

vdb-entry

x_refsource_BID

27446

third-party-advisory

x_refsource_SECUNIA

20071014 Apache Tomcat Rem0Te FiLe DiscloSure ZeroDay

mailing-list

x_refsource_FULLDISC

30676

third-party-advisory

x_refsource_SECUNIA

RHSA-2008:0630

vendor-advisory

x_refsource_REDHAT

239312

vendor-advisory

x_refsource_SUNALERT

apache-tomcat-webdav-dir-traversal(37243)

vdb-entry

x_refsource_XF

oval:org.mitre.oval:def:9202

vdb-entry

signature

x_refsource_OVAL

RHSA-2008:0862

vendor-advisory

x_refsource_REDHAT

ADV-2008-1981

vdb-entry

x_refsource_VUPEN

30899

third-party-advisory

x_refsource_SECUNIA

FEDORA-2007-3456

vendor-advisory

x_refsource_FEDORA

31493

third-party-advisory

x_refsource_SECUNIA

29242

third-party-advisory

x_refsource_SECUNIA

ADV-2008-2823

vdb-entry

x_refsource_VUPEN

37460

third-party-advisory

x_refsource_SECUNIA

ADV-2008-1979

vdb-entry

x_refsource_VUPEN

29313

third-party-advisory

x_refsource_SECUNIA

31681

vdb-entry

x_refsource_BID

32120

third-party-advisory

x_refsource_SECUNIA

ADV-2007-3671

vdb-entry

x_refsource_VUPEN

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

x_refsource_CONFIRM

27398

third-party-advisory

x_refsource_SECUNIA

RHSA-2008:0042

vendor-advisory

x_refsource_REDHAT

SUSE-SR:2008:005

vendor-advisory

x_refsource_SUSE

1018864

vdb-entry

x_refsource_SECTRACK

28361

third-party-advisory

x_refsource_SECUNIA

28317

third-party-advisory

x_refsource_SECUNIA

APPLE-SA-2008-06-30

vendor-advisory

x_refsource_APPLE

http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

x_refsource_CONFIRM

ADV-2007-3674

vdb-entry

x_refsource_VUPEN

20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

mailing-list

x_refsource_BUGTRAQ

SUSE-SR:2009:004

vendor-advisory

x_refsource_SUSE

http://tomcat.apache.org/security-6.html

x_refsource_CONFIRM

57126

third-party-advisory

x_refsource_SECUNIA

32222

third-party-advisory

x_refsource_SECUNIA

30802

third-party-advisory

x_refsource_SECUNIA

RHSA-2008:0195

vendor-advisory

x_refsource_REDHAT

GLSA-200804-10

vendor-advisory

x_refsource_GENTOO

http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html

x_refsource_CONFIRM

ADV-2007-3622

vdb-entry

x_refsource_VUPEN

http://www-1.ibm.com/support/docview.wss?uid=swg21286112

x_refsource_CONFIRM

27727

third-party-advisory

x_refsource_SECUNIA

ADV-2008-1856

vdb-entry

x_refsource_VUPEN

http://www.vmware.com/security/advisories/VMSA-2008-0010.html

x_refsource_CONFIRM

http://tomcat.apache.org/security-5.html

x_refsource_CONFIRM

ADV-2008-2780

vdb-entry

x_refsource_VUPEN

RHSA-2008:0261

vendor-advisory

x_refsource_REDHAT

4530

exploit

x_refsource_EXPLOIT-DB

MDVSA-2009:136

vendor-advisory

x_refsource_MANDRIVA

DSA-1447

vendor-advisory

x_refsource_DEBIAN

27481

third-party-advisory

x_refsource_SECUNIA

HPSBST02955

vendor-advisory

x_refsource_HP

APPLE-SA-2008-10-09

vendor-advisory

x_refsource_APPLE

http://support.apple.com/kb/HT3216

x_refsource_CONFIRM

MDKSA-2007:241

vendor-advisory

x_refsource_MANDRIVA

29711

third-party-advisory

x_refsource_SECUNIA

http://issues.apache.org/jira/browse/GERONIMO-3549

x_refsource_MISC

ADV-2009-3316

vdb-entry

x_refsource_VUPEN

32266

third-party-advisory

x_refsource_SECUNIA

[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-5461

Description

Affected Products

References