CVE-2007-5461

Properties

Published: 14.10.2007
Updated: 30.06.2009
Patch available:
Severity: Low
CVSS vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Product: apache: tomcat

Vulnerability description

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

References:

FEDORA: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
XF: http://xforce.iss.net/xforce/xfdb/37243
CONFIRM: http://www.vmware.com/security/advisories/VMSA-2008-0010.html
SECTRACK: http://www.securitytracker.com/id?1018864
BID: http://www.securityfocus.com/bid/31681
BID: http://www.securityfocus.com/bid/26070
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0862.html
MILW0RM: http://www.milw0rm.com/exploits/4530
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
VUPEN: http://www.frsirt.com/english/advisories/2008/2823
VUPEN: http://www.frsirt.com/english/advisories/2008/2780
VUPEN: http://www.frsirt.com/english/advisories/2008/1981/references
VUPEN: http://www.frsirt.com/english/advisories/2008/1979/references
VUPEN: http://www.frsirt.com/english/advisories/2008/1856/references
VUPEN: http://www.frsirt.com/english/advisories/2007/3674
VUPEN: http://www.frsirt.com/english/advisories/2007/3671
VUPEN: http://www.frsirt.com/english/advisories/2007/3622
CONFIRM: http://www-1.ibm.com/support/docview.wss?uid=swg21286112
CONFIRM: http://tomcat.apache.org/security-6.html
CONFIRM: http://tomcat.apache.org/security-5.html
CONFIRM: http://tomcat.apache.org/security-4.html
CONFIRM: http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
CONFIRM: http://support.apple.com/kb/HT3216
CONFIRM: http://support.apple.com/kb/HT2163
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
SECUNIA: http://secunia.com/advisories/32266
SECUNIA: http://secunia.com/advisories/32222
SECUNIA: http://secunia.com/advisories/32120
SECUNIA: http://secunia.com/advisories/31493
SECUNIA: http://secunia.com/advisories/30908
SECUNIA: http://secunia.com/advisories/30899
SECUNIA: http://secunia.com/advisories/30802
SECUNIA: http://secunia.com/advisories/30676
SECUNIA: http://secunia.com/advisories/27727
SECUNIA: http://secunia.com/advisories/27481
SECUNIA: http://secunia.com/advisories/27446
SECUNIA: http://secunia.com/advisories/27398
REDHAT: http://rhn.redhat.com/errata/RHSA-2008-0630.html
FULLDISC: http://marc.info/?l=full-disclosure&m=119239530508382
MLIST: http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
SUSE: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
APPLE: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
APPLE: http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
MISC: http://issues.apache.org/jira/browse/GERONIMO-3549
CONFIRM: http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0261.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0195.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0042.html
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
DEBIAN: http://www.debian.org/security/2008/dsa-1453
DEBIAN: http://www.debian.org/security/2008/dsa-1447
GENTOO: http://security.gentoo.org/glsa/glsa-200804-10.xml
SECUNIA: http://secunia.com/advisories/29711
SECUNIA: http://secunia.com/advisories/29313
SECUNIA: http://secunia.com/advisories/29242
SECUNIA: http://secunia.com/advisories/28361
SECUNIA: http://secunia.com/advisories/28317
SUSE: http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html