eliteb0y has reported a vulnerability in Apache Tomcat, which can be exploited by malicious users to disclose potentially sensitive information.
The vulnerability is caused due to an error within the WebDAV servlet when configured for use with a context and enabled for write. This can be exploited to disclose the contents of arbitrary files via specially-crafted WebDAV requests that specify an entity with a SYSTEM tag.
The vulnerability reportedly affects the following versions:
* 4.0.0-4.0.6, 4.1.0-4.1.36
* 5.0.0-5.0.SVN and 5.5.0-5.5.25.
Solution: Update to version 5.5.26 or 6.0.16. The vulnerability is also fixed in the SVN repository for version 4.1.x.
Provided and/or discovered by: eliteb0y
Original Advisory: Apache:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org