CVE-2007-5461
published 2007-10-15CVE-2007-5461: Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain…
PriorityP336low3.5CVSS 2.0
AVNACMAuSCPINAN
EXPLOIT
EPSS
39.68%
98.4th percentile
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Affected
50 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | jakarta_slide | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
CVSS provenance
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:P/I:N/A:N
vendor_redhat3.5LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VMware
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
vendor_vmware·2009-11-20·CVSS 5.0
CVE-2007-2052 [MEDIUM] VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
VMSA-2009-0016: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-
Red Hat
Absolute path traversal Apache Tomcat WEBDAV
vendor_redhat·2007-10-14·CVSS 3.5
CVE-2007-5461 [LOW] Absolute path traversal Apache Tomcat WEBDAV
Absolute path traversal Apache Tomcat WEBDAV
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Red Hat
Absolute path traversal vulnerability in Apache Jakarta Slide 2.1
vendor_redhat·CVSS 3.5
CVE-2007-5731 [LOW] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1
Absolute path traversal vulnerability in Apache Jakarta Slide 2.1
Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
GHSA
GHSA-h7f5-5qw4-27g2: Absolute path traversal vulnerability in Apache Jakarta Slide 2
ghsa_unreviewed·2022-05-01·CVSS 3.5
CVE-2007-5731 [LOW] CWE-22 GHSA-h7f5-5qw4-27g2: Absolute path traversal vulnerability in Apache Jakarta Slide 2
Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
GHSA
Apache Tomcat Path Traversal Vulnerability
ghsa·2022-05-01
CVE-2007-5461 [LOW] CWE-22 Apache Tomcat Path Traversal Vulnerability
Apache Tomcat Path Traversal Vulnerability
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
OSV
Apache Tomcat Path Traversal Vulnerability
osv·2022-05-01
CVE-2007-5461 [LOW] Apache Tomcat Path Traversal Vulnerability
Apache Tomcat Path Traversal Vulnerability
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
No detection rules found.
Exploit-DB
Apache Tomcat - WebDAV SSL Remote File Disclosure
exploitdb·2007-10-21
CVE-2007-5461 Apache Tomcat - WebDAV SSL Remote File Disclosure
Apache Tomcat - WebDAV SSL Remote File Disclosure
---
#!/usr/bin/perl
#================================================================
# Apache Tomcat Remote File Disclosure Zeroday Xploit - With support for SSL
# MoDiFiEd version by : h3rcul3s
# ORiGiNaL Version by : kcdarookie aka eliteb0y / 2007 http://milw0rm.org/exploits/4530
# MoDiFiCaTiOn : This code is useble against targets over SSL
# Prerequisites : A valid login credentials, webdav
# DoRk : intitle:"Directory Listing For /" + inurl:webdav tomcat
# Potential targets : similar to https://www.somehost.com:8443
#================================================================
# THaNkS To eliteb0y, the whole team AnD "perlmonks".
# This piece of code is written ONLY for educational purpose.
# Use it at your own risk.
# No author w
Exploit-DB
Apache Tomcat - 'WebDAV' Remote File Disclosure
exploitdb·2007-10-14
CVE-2007-5461 Apache Tomcat - 'WebDAV' Remote File Disclosure
Apache Tomcat - 'WebDAV' Remote File Disclosure
---
#!/usr/bin/perl
#******************************************************
# Apache Tomcat Remote File Disclosure Zeroday Xploit
# kcdarookie aka eliteb0y / 2007
#
# thanx to the whole team & andi :)
# +++KEEP PRIV8+++
#
# This Bug may reside in different WebDav implementations,
# Warp your mind!
# +You will need auth for the exploit to work...
#******************************************************
use IO::Socket;
use MIME::Base64; ### FIXME! Maybe support other auths too ?
# SET REMOTE PORT HERE
$remoteport = 8080;
sub usage {
print "Apache Tomcat Remote File Disclosure Zeroday Xploit\n";
print "kcdarookie aka eliteb0y / 2007\n";
print "usage: perl TOMCATXPL [username] [password]\n";
print "example: perl TOMCATXPL www.hostname.com /we
Bugzilla
CVE-2008-0628 java-1.6.0 default external entity processing
bugzilla·2008-02-04·CVSS 3.5
CVE-2008-0628 [LOW] CVE-2008-0628 java-1.6.0 default external entity processing
CVE-2008-0628 java-1.6.0 default external entity processing
Sun describes a 1.6.0-only (1.4, 1.5 not affected) XML processing vulnerability
(insecure default) at
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1.
This bug may cause effects similar to CVE-2007-5461.
Vendor Description:
The Java Runtime Environment (JRE) by default allows external entity references
to be processed. To turn off processing of external entity references, sites can
set the "external general entities" property to FALSE. This property is provided
since it may be possible to leverage the processing of external entity
references to access certain URL resources (such as some files and web pages) or
create a Denial of Service (DoS) condition on the system running the JRE. A
defect in the JRE allows
Bugzilla
CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
bugzilla·2008-01-10·CVSS 4.3
CVE-2007-5333 [MEDIUM] CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
rhn_satellite_5.0 tracking bug: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
For the security issues handling process overview see: http://intranet.corp.redhat.com/ic/intranet/SecurityZStreamFAQ
[bug automatically created by: add-tracking-bugs]
Discussion:
[root@rlx-3-18 RPMS]# ls tomcat5-5.0.30-0jpp_9rh.noarch.rpm
tomcat5-5.0.30-0jpp_9rh.noarch.rpm
[root@rlx-3-18 RPMS]# pwd
/tmp/mnt/RPMS
[root@rlx-3-18 RPMS]#
verified
---
This is not a bug. The real issue that was talked about is actually:
private bug Bugzilla Bug 430731: CVE-2007-5461 CVE-2007-3385 CVE-2007-3382
CVE-2007-1358 CVE-2007-1355 CVE-2007
Bugzilla
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [F8]
bugzilla·2007-11-01·CVSS 3.5
CVE-2007-5461 [LOW] CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [F8]
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [F8]
F8 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Ping on this. Please do an update, as an patch is available (see blocking bugs).
---
Vivek, please add fix for this to fix for CVE-2007-2450 and roll an update.
---
tomcat5-5.5.25-1jpp.1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2007-5731 Absolute path traversal vulnerability in Apache Jakarta Slide 2.1
bugzilla·2007-10-31·CVSS 3.5
CVE-2007-5731 [LOW] CVE-2007-5731 Absolute path traversal vulnerability in Apache Jakarta Slide 2.1
CVE-2007-5731 Absolute path traversal vulnerability in Apache Jakarta Slide 2.1
Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier
allows remote authenticated users to read arbitrary files via a WebDAV write
request that specifies an entity with a SYSTEM tag, a related issue to
CVE-2007-5461.
http://www.milw0rm.com/exploits/4567
Discussion:
we are not affected (webdav server issue, jboss uses client only)
Bugzilla
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [FC6]
bugzilla·2007-10-16·CVSS 3.5
CVE-2007-5461 [LOW] CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [FC6]
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [FC6]
FC6 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Ping on this. Please do an update, as an patch is available (see blocking bugs).
---
Vivek, please add fix for this to fix for CVE-2007-2450 and roll an update.
---
This is included in 5.5.25 release. Closing bug.
Bugzilla
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [Fdevel]
bugzilla·2007-10-16·CVSS 3.5
CVE-2007-5461 [LOW] CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [Fdevel]
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [Fdevel]
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Vivek, please add fix for this to fix for CVE-2007-2450 and roll an update.
---
Tomcat 5.5.25 packages in all supported Fedora releases have a fix for this bug.
Closing this bug.
Bugzilla
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [F7]
bugzilla·2007-10-16·CVSS 3.5
CVE-2007-5461 [LOW] CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [F7]
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [F7]
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Ping on this. Please do an update, as an patch is available (see blocking bugs).
---
Vivek, please add fix for this to fix for CVE-2007-2450 and roll an update.
---
This is included in 5.5.25 release. Closing bug.
Bugzilla
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV
bugzilla·2007-10-16·CVSS 3.5
CVE-2007-5461 [LOW] CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV
CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV
Description:
Absolute path traversal vulnerability in Apache Tomcat, under certain
configurations, allows remote authenticated users to read arbitrary
files via a WebDAV write request that specifies an entity with a
SYSTEM tag.
Mail from Mark Thomas (Apache.org):
A vulnerability in the Apache Tomcat webdav servlet was publicly
disclosed on full disclosure yesterday, 14-Oct-2007.[1]
The Tomcat security team has evaluated this vulnerability and
determined that default installations of Tomcat 6.0.x, 5.5.x and 4.1.x
and not affected.
In order to be affected systems must have:
- one or more contexts configured for webdav using Tomcat's built-in
webdav implementation
- enabled write capability via webdav
Note:
- Tomcat 6.0.x has n
http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.htmlhttp://issues.apache.org/jira/browse/GERONIMO-3549http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3Ehttp://marc.info/?l=bugtraq&m=139344343412337&w=2http://marc.info/?l=full-disclosure&m=119239530508382http://rhn.redhat.com/errata/RHSA-2008-0630.htmlhttp://secunia.com/advisories/27398http://secunia.com/advisories/27446http://secunia.com/advisories/27481http://secunia.com/advisories/27727http://secunia.com/advisories/28317http://secunia.com/advisories/28361http://secunia.com/advisories/29242http://secunia.com/advisories/29313http://secunia.com/advisories/29711http://secunia.com/advisories/30676http://secunia.com/advisories/30802http://secunia.com/advisories/30899http://secunia.com/advisories/30908http://secunia.com/advisories/31493http://secunia.com/advisories/32120http://secunia.com/advisories/32222http://secunia.com/advisories/32266http://secunia.com/advisories/37460http://secunia.com/advisories/57126http://security.gentoo.org/glsa/glsa-200804-10.xmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1http://support.apple.com/kb/HT2163http://support.apple.com/kb/HT3216http://support.avaya.com/elmodocs2/security/ASA-2008-401.htmhttp://tomcat.apache.org/security-4.htmlhttp://tomcat.apache.org/security-5.htmlhttp://tomcat.apache.org/security-6.htmlhttp://www-1.ibm.com/support/docview.wss?uid=swg21286112http://www.debian.org/security/2008/dsa-1447http://www.debian.org/security/2008/dsa-1453http://www.mandriva.com/security/advisories?name=MDKSA-2007:241http://www.mandriva.com/security/advisories?name=MDVSA-2009:136http://www.redhat.com/support/errata/RHSA-2008-0042.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0195.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0261.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0862.htmlhttp://www.securityfocus.com/archive/1/507985/100/0/threadedhttp://www.securityfocus.com/bid/26070http://www.securityfocus.com/bid/31681http://www.securitytracker.com/id?1018864http://www.vmware.com/security/advisories/VMSA-2008-0010.htmlhttp://www.vmware.com/security/advisories/VMSA-2009-0016.htmlhttp://www.vupen.com/english/advisories/2007/3622http://www.vupen.com/english/advisories/2007/3671http://www.vupen.com/english/advisories/2007/3674http://www.vupen.com/english/advisories/2008/1856/referenceshttp://www.vupen.com/english/advisories/2008/1979/referenceshttp://www.vupen.com/english/advisories/2008/1981/referenceshttp://www.vupen.com/english/advisories/2008/2780http://www.vupen.com/english/advisories/2008/2823http://www.vupen.com/english/advisories/2009/3316https://exchange.xforce.ibmcloud.com/vulnerabilities/37243https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202https://www.exploit-db.com/exploits/4530https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.htmlhttp://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.htmlhttp://issues.apache.org/jira/browse/GERONIMO-3549http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3Ehttp://marc.info/?l=bugtraq&m=139344343412337&w=2http://marc.info/?l=full-disclosure&m=119239530508382http://rhn.redhat.com/errata/RHSA-2008-0630.htmlhttp://secunia.com/advisories/27398http://secunia.com/advisories/27446http://secunia.com/advisories/27481http://secunia.com/advisories/27727http://secunia.com/advisories/28317http://secunia.com/advisories/28361http://secunia.com/advisories/29242http://secunia.com/advisories/29313http://secunia.com/advisories/29711http://secunia.com/advisories/30676http://secunia.com/advisories/30802http://secunia.com/advisories/30899http://secunia.com/advisories/30908http://secunia.com/advisories/31493http://secunia.com/advisories/32120http://secunia.com/advisories/32222http://secunia.com/advisories/32266http://secunia.com/advisories/37460
+ 44 more references
2007-10-15
Published