[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

114563

 
 

909

 
 

88860

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2007-5461Date: (C)2007-10-15   (M)2018-06-01


Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 6.8
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1018864
http://marc.info/?l=full-disclosure&m=119239530508382
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
SUNALERT-239312
BID-26070
SECUNIA-27398
SECUNIA-27446
SECUNIA-27481
SECUNIA-27727
SECUNIA-28317
SECUNIA-28361
SECUNIA-29242
SECUNIA-29313
SECUNIA-29711
SECUNIA-30676
SECUNIA-30802
SECUNIA-30899
SECUNIA-30908
SECUNIA-31493
BID-31681
SECUNIA-32120
SECUNIA-32222
SECUNIA-32266
SECUNIA-37460
EXPLOIT-DB-4530
ADV-2007-3622
ADV-2007-3671
ADV-2007-3674
ADV-2008-1856
ADV-2008-1979
ADV-2008-1981
ADV-2008-2780
ADV-2008-2823
ADV-2009-3316
APPLE-SA-2008-06-30
APPLE-SA-2008-10-09
DSA-1447
DSA-1453
FEDORA-2007-3456
GLSA-200804-10
HPSBST02955
MDKSA-2007:241
MDVSA-2009:136
RHSA-2008:0042
RHSA-2008:0195
RHSA-2008:0261
RHSA-2008:0630
RHSA-2008:0862
SUSE-SR:2008:005
SUSE-SR:2009:004
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
apache-tomcat-webdav-dir-traversal(37243)
http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
http://issues.apache.org/jira/browse/GERONIMO-3549
http://support.apple.com/kb/HT2163
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www-1.ibm.com/support/docview.wss?uid=swg21286112
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

CPE    19
cpe:/a:apache:tomcat:4.0.3
cpe:/a:apache:tomcat:4.1.2
cpe:/a:apache:tomcat:4.0.2
cpe:/a:apache:tomcat:4.1.1
...
CWE    1
CWE-22
OVAL    3
oval:org.mitre.oval:def:7989
oval:org.mitre.oval:def:7988
oval:org.secpod.oval:def:300556

© SecPod Technologies