CVE-2007-5461

Impact:
Important
Public Date:
2007-10-14
Bugzilla:
333791: CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV

The MITRE CVE dictionary describes this issue as:

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Find out more about CVE-2007-5461 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (jbossas) RHSA-2008:0158 2008-03-24
Red Hat Certificate System 7.3 for 4AS RHSA-2010:0602 2010-08-04
Red Hat Satellite v 4.2 (RHEL v.4 AS) RHSA-2008:0524 2008-06-30
Red Hat Developer Suite v.3 (AS v.4) (tomcat5) RHSA-2008:0195 2008-04-28
Red Hat Satellite 5.0 (RHEL v.4 AS) RHSA-2008:0261 2008-05-20
Red Hat Satellite 5.1 (RHEL v.4 AS) RHSA-2008:0630 2008-08-13
Red Hat Application Server v2 4AS (tomcat5) RHSA-2008:0862 2008-10-02
Red Hat Application Stack v2 for Enterprise Linux (v.5) (jbossas) RHSA-2008:0158 2008-03-24
Red Hat Enterprise Linux version 5 (tomcat5) RHSA-2008:0042 2008-03-11
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS (jbossas) RHSA-2008:0151 2008-04-02
Red Hat Satellite v 4.2 (RHEL v.3 AS) RHSA-2008:0524 2008-06-30
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server (jbossas) RHSA-2008:0213 2008-04-02