Detections
Analytics
CVE-2007-5461
medium
Description
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
References
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
https://www.exploit-db.com/exploits/4530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/1981/references
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2008/1856/references
http://www.vupen.com/english/advisories/2007/3674
http://www.vupen.com/english/advisories/2007/3671
http://www.vupen.com/english/advisories/2007/3622
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.securitytracker.com/id?1018864
http://www.securityfocus.com/bid/31681
http://www.securityfocus.com/bid/26070
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://www.redhat.com/support/errata/RHSA-2008-0042.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://www.debian.org/security/2008/dsa-1453
http://www.debian.org/security/2008/dsa-1447
http://www-1.ibm.com/support/docview.wss?uid=swg21286112
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-4.html
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT2163
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://secunia.com/advisories/57126
http://secunia.com/advisories/37460
http://secunia.com/advisories/32266
http://secunia.com/advisories/32222
http://secunia.com/advisories/32120
http://secunia.com/advisories/31493
http://secunia.com/advisories/30908
http://secunia.com/advisories/30899
http://secunia.com/advisories/30802
http://secunia.com/advisories/30676
http://secunia.com/advisories/29711
http://secunia.com/advisories/29313
http://secunia.com/advisories/29242
http://secunia.com/advisories/28361
http://secunia.com/advisories/28317
http://secunia.com/advisories/27727
http://secunia.com/advisories/27481
http://secunia.com/advisories/27446
http://secunia.com/advisories/27398
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://issues.apache.org/jira/browse/GERONIMO-3549
http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html