3.5
CVE-2007-5461
- EPSS 39.68%
- Veröffentlicht 15.10.2007 18:17:00
- Zuletzt bearbeitet 16.06.2026 22:46:11
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 39.68% | 0.984 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:P/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://tomcat.apache.org/security-4.html
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://www.vupen.com/english/advisories/2008/1979/references
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29242
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://secunia.com/advisories/30802
http://support.apple.com/kb/HT2163
http://www.vupen.com/english/advisories/2008/1981/references
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/31493
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
http://secunia.com/advisories/27727
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://secunia.com/advisories/32222
http://support.apple.com/kb/HT3216
http://www.securityfocus.com/bid/31681
http://www.vupen.com/english/advisories/2008/2780
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
http://secunia.com/advisories/28317
http://secunia.com/advisories/28361
http://www.debian.org/security/2008/dsa-1447
http://www.debian.org/security/2008/dsa-1453
http://www.redhat.com/support/errata/RHSA-2008-0195.html
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
http://secunia.com/advisories/30676
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vupen.com/english/advisories/2008/1856/references
http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
http://issues.apache.org/jira/browse/GERONIMO-3549
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://marc.info/?l=full-disclosure&m=119239530508382
http://secunia.com/advisories/27398
http://secunia.com/advisories/27446
http://secunia.com/advisories/27481
http://secunia.com/advisories/29313
http://secunia.com/advisories/29711
http://secunia.com/advisories/32120
http://secunia.com/advisories/32266
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://www-1.ibm.com/support/docview.wss?uid=swg21286112
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://www.redhat.com/support/errata/RHSA-2008-0042.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.securityfocus.com/bid/26070
http://www.securitytracker.com/id?1018864
http://www.vupen.com/english/advisories/2007/3622
http://www.vupen.com/english/advisories/2007/3671
http://www.vupen.com/english/advisories/2007/3674
http://www.vupen.com/english/advisories/2008/2823
https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
https://www.exploit-db.com/exploits/4530