Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.5
CVE Id: CVE-2007-5461
Last Modified: 15 Mar 2014 11:17:13
Published: 15 Oct 2007 02:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

Summary

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerable Systems

Application

  • Apache Tomcat


References

FEDORA - FEDORA-2007-3456

XF - apache-tomcat-webdav-dir-traversal(37243)

VUPEN - ADV-2009-3316

VUPEN - ADV-2008-2823

VUPEN - ADV-2008-2780

VUPEN - ADV-2008-1981

VUPEN - ADV-2008-1979

VUPEN - ADV-2008-1856

VUPEN - ADV-2007-3674

VUPEN - ADV-2007-3671

VUPEN - ADV-2007-3622

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0010.html

SECTRACK - 1018864

BID - 31681

BID - 26070

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

REDHAT - RHSA-2008:0862

MILW0RM - 4530

MANDRIVA - MDVSA-2009:136

CONFIRM - http://www-1.ibm.com/support/docview.wss?uid=swg21286112

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://tomcat.apache.org/security-5.html

CONFIRM - http://tomcat.apache.org/security-4.html

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

CONFIRM - http://support.apple.com/kb/HT3216

CONFIRM - http://support.apple.com/kb/HT2163

SUNALERT - 239312

SECUNIA - 37460

SECUNIA - 32266

SECUNIA - 32222

SECUNIA - 32120

SECUNIA - 31493

SECUNIA - 30908

SECUNIA - 30899

SECUNIA - 30802

SECUNIA - 30676

SECUNIA - 27727

SECUNIA - 27481

SECUNIA - 27446

SECUNIA - 27398

REDHAT - RHSA-2008:0630

FULLDISC - 20071014 Apache Tomcat Rem0Te FiLe DiscloSure ZeroDay

MLIST - [tomcat-users] 20071015 [Security] - Important vulnerability disclosed in Apache Tomcat webdav servlet

SUSE - SUSE-SR:2009:004

APPLE - APPLE-SA-2008-10-09

APPLE - APPLE-SA-2008-06-30

MISC - http://issues.apache.org/jira/browse/GERONIMO-3549

CONFIRM - http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html

REDHAT - RHSA-2008:0261

REDHAT - RHSA-2008:0195

REDHAT - RHSA-2008:0042

MANDRIVA - MDKSA-2007:241

DEBIAN - DSA-1453

DEBIAN - DSA-1447

GENTOO - GLSA-200804-10

SECUNIA - 29711

SECUNIA - 29313

SECUNIA - 29242

SECUNIA - 28361

SECUNIA - 28317

SUSE - SUSE-SR:2008:005

HP - HPSBST02955

SECUNIA - 57126

Related Patches

Apple 2008-06-30 Security Update 2008-004 (PPC)

Apple 2008-06-30 Security Update 2008-004 Server (PPC)

Apple 2008-06-30 Security Update 2008-004 (Intel)

Apple 2008-06-30 Security Update 2008-004 Server (Intel)

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)


Last Updated: 27 May 2016 11:04:35