CVE-2007-5461

Apache Tomcat 4.0.0-4.0.6, 4.1.0, 5.0.0, 5.5.0-5.5.25, 6.0.0-6.0.14 Path Traversal via WebDAV

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-5461. PoCs published by h3rcul3s, eliteboy.

AI-analyzed exploit summary: This exploit leverages an XML External Entity (XXE) injection vulnerability in Apache Tomcat's WebDAV implementation to disclose arbitrary files from the server. It supports SSL and requires valid credentials for authentication.

Description

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Exploits (2)

exploit-db · WORKING POC · VERIFIED
by h3rcul3s · perl · remote · linux
https://www.exploit-db.com/exploits/4552

This exploit leverages an XML External Entity (XXE) injection vulnerability in Apache Tomcat's WebDAV implementation to disclose arbitrary files from the server. It supports SSL and requires valid credentials for authentication.

Classification
Working PoC 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Apache Tomcat (versions affected by CVE-2007-5461)
Auth required
Prerequisites: Valid login credentials · WebDAV enabled on the target · Network access to the target
devstral-2 · analyzed Feb 16, 2026

exploit-db · WORKING POC · VERIFIED
by eliteboy · perl · remote · multiple
https://www.exploit-db.com/exploits/4530

This exploit leverages an XML External Entity (XXE) injection vulnerability in Apache Tomcat's WebDAV implementation to disclose arbitrary files on the server. It sends a crafted LOCK request with malicious XML payload to trigger the file disclosure.

Classification
Working PoC 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Apache Tomcat (WebDAV implementation)
Auth required
Prerequisites: WebDAV enabled on Apache Tomcat · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026

References (72)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1453
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-4.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30908
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT2163
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26070
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27446
Exploit mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=119239530508382
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30676
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2008-0630.html
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0862.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1981/references
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30899
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31493
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29242
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2823
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37460
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1979/references
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29313
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31681
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32120
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3671
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27398
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0042.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018864
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28361
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28317
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3674
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-6.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57126
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32222
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30802
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0195.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200804-10.xml
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3622
Various Sources x_refsource_confirm
http://www-1.ibm.com/support/docview.wss?uid=swg21286112
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27727
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1856/references
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-5.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2780
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0261.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4530
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1447
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27481
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=139344343412337&w=2
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3216
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29711
Various Sources x_refsource_misc
http://issues.apache.org/jira/browse/GERONIMO-3549
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3316
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32266

Scores

EPSS 0.0650
EPSS Percentile 91.4%

Details

CWE
CWE-22
Status published
Products (45)
apache/tomcat 4.0.0
apache/tomcat 4.0.1
apache/tomcat 4.0.2
apache/tomcat 4.0.3
apache/tomcat 4.0.4
apache/tomcat 4.0.5
apache/tomcat 4.0.6
apache/tomcat 4.1.0
apache/tomcat 4.1.1
apache/tomcat 4.1.2
... and 35 more
Published Oct 15, 2007
Tracked Since Feb 18, 2026