Vulnerability Description
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 4.0.0 |
Related Weaknesses (CWE)
References
- http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-w
- http://issues.apache.org/jira/browse/GERONIMO-3549
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.10
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://marc.info/?l=full-disclosure&m=119239530508382Exploit
- http://rhn.redhat.com/errata/RHSA-2008-0630.html
- http://secunia.com/advisories/27398
- http://secunia.com/advisories/27446
- http://secunia.com/advisories/27481
- http://secunia.com/advisories/27727
- http://secunia.com/advisories/28317
FAQ
What is CVE-2007-5461?
CVE-2007-5461 is a vulnerability with a CVSS score of 3.5 (LOW). Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated user...
How severe is CVE-2007-5461?
CVE-2007-5461 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5461?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.