Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5461: Path Traversal in Apache Tomcat

CWE-22: Path Traversal | 16 documents | 7 sources

Severity: 3.5 LOW (NVD)
EPSS: 6.3% (top 9.05%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 15 | Latest update May 1

Description

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/tomcat (44 versions)

Vulnerability Details (3)

GHSA: Apache Tomcat Path Traversal Vulnerability (2022-05-01)
OSV: Apache Tomcat Path Traversal Vulnerability (2022-05-01)
CVEList: CVE-2007-5461: Absolute path traversal vulnerability in Apache Tomcat 4 (2007-10-15)

Exploits & PoCs (2)

Exploit-DB: Apache Tomcat - WebDAV SSL Remote File Disclosure (2007-10-21)
Exploit-DB: Apache Tomcat - 'WebDAV' Remote File Disclosure (2007-10-14)

Vendor Advisories (2)

Red Hat: Absolute path traversal Apache Tomcat WEBDAV (2007-10-14)
Red Hat: Absolute path traversal vulnerability in Apache Jakarta Slide 2.1

Community (8)

Bugzilla: CVE-2008-0628 java-1.6.0 default external entity processing (2008-02-04)
Bugzilla: CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0] (2008-01-10)
Bugzilla: CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [F8] (2007-11-01)
Bugzilla: CVE-2007-5731 Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 (2007-10-31)
Bugzilla: CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV [FC6] (2007-10-16)