CVE-2007-5461 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-5461
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5461

Description: Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/37243 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 ST 1018864 SAID Secunia Advisory: SA30899 Secunia Advisory: SA30908 Secunia Advisory: SA30802 Secunia Advisory: SA30676 Secunia Advisory: SA29711 Secunia Advisory: SA29313 Secunia Advisory: SA29242 Secunia Advisory: SA28361 Secunia Advisory: SA27398 Secunia Advisory: SA27446 Secunia Advisory: SA28317 Secunia Advisory: SA27481 Secunia Advisory: SA27727 Secunia Advisory: SA31493 REDHAT http://rhn.redhat.com/errata/RHSA-2008-0630.html http://www.redhat.com/support/errata/RHSA-2008-0862.html http://www.redhat.com/support/errata/RHSA-2008-0261.html http://www.redhat.com/support/errata/RHSA-2008-0195.html http://www.redhat.com/support/errata/RHSA-2008-0042.html MLIST http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E MISC http://issues.apache.org/jira/browse/GERONIMO-3549 MILW0RM http://www.milw0rm.com/exploits/4530 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:241 GENTOO http://security.gentoo.org/glsa/glsa-200804-10.xml FULLDISC http://marc.info/?l=full-disclosure&m=119239530508382 FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1447 http://www.debian.org/security/2008/dsa-1453 CONFIRM http://support.apple.com/kb/HT2163 http://tomcat.apache.org/security-6.html http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html http://www-1.ibm.com/support/docview.wss?uid=swg21286112 http://www.vmware.com/security/advisories/VMSA-2008-0010.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-4.html BID 26070 31681 APPLE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

Return to the previous page.