CVE-2007-5461

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Details Source

Mitre

Public Date

2007-10-14 00:00:00

Impact

Important

Bugzilla

CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV

Bugzilla ID

333 791

CVSS Status

draft

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Application Stack v1 for Enterprise Linux AS (v.4) | RHSA-2008:0158 | 2008-03-24 |
| Red Hat Enterprise Linux 5 (tomcat5) | RHSA-2008:0042 | 2008-03-11 |
| Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04 |
| Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS | RHSA-2008:0151 | 2008-04-02 |
| Red Hat Developer Suite v.3 (AS v.4) (tomcat5) | RHSA-2008:0195 | 2008-04-28 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2008:0261 | 2008-05-20 |
| Red Hat Satellite 5.1 (RHEL v.4 AS) | RHSA-2008:0630 | 2008-08-13 |
| Red Hat Application Server v2 4AS (tomcat5) | RHSA-2008:0862 | 2008-10-02 |
| Red Hat Application Stack v2 for Enterprise Linux (v.5) | RHSA-2008:0158 | 2008-03-24 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server | RHSA-2008:0213 | 2008-04-02 |