CVE

CVE-2007-5461

Date: (C)2007-10-15   (M)2017-10-04
 
CVSS Score: 3.5
Exploitability Subscore: 6.8
Impact Subscore: 2.9
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE











Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Reference:
SECTRACK-1018864
http://marc.info/?l=full-disclosure&m=119239530508382
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
SUNALERT-239312
BID-26070
SECUNIA-27398
SECUNIA-27446
SECUNIA-27481
SECUNIA-27727
SECUNIA-28317
SECUNIA-28361
SECUNIA-29242
SECUNIA-29313
SECUNIA-29711
SECUNIA-30676
SECUNIA-30802
SECUNIA-30899
SECUNIA-30908
SECUNIA-31493
BID-31681
SECUNIA-32120
SECUNIA-32222
SECUNIA-32266
SECUNIA-37460
EXPLOIT-DB-4530
ADV-2007-3622
ADV-2007-3671
ADV-2007-3674
ADV-2008-1856
ADV-2008-1979
ADV-2008-1981
ADV-2008-2780
ADV-2008-2823
ADV-2009-3316
APPLE-SA-2008-06-30
APPLE-SA-2008-10-09
DSA-1447
DSA-1453
FEDORA-2007-3456
GLSA-200804-10
HPSBST02955
MDKSA-2007:241
MDVSA-2009:136
RHSA-2008:0042
RHSA-2008:0195
RHSA-2008:0261
RHSA-2008:0630
RHSA-2008:0862
SUSE-SR:2008:005
SUSE-SR:2009:004
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
apache-tomcat-webdav-dir-traversal(37243)
http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
http://issues.apache.org/jira/browse/GERONIMO-3549
http://support.apple.com/kb/HT2163
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www-1.ibm.com/support/docview.wss?uid=swg21286112
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

CPE    19
cpe:/a:apache:tomcat:4.0.3
cpe:/a:apache:tomcat:4.1.2
cpe:/a:apache:tomcat:4.0.2
cpe:/a:apache:tomcat:4.1.1
...
CWE    1
CWE-22
OVAL    3
oval:org.secpod.oval:def:300556
oval:org.mitre.oval:def:7988
oval:org.mitre.oval:def:7989

© 2013 SecPod Technologies