CVE-2007-5461

Apache Tomcat - Path Traversal

Title source: rule

Description

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Exploits (2)

exploitdb WORKING POC VERIFIED

by h3rcul3s · perlremotelinux

https://www.exploit-db.com/exploits/4552

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by eliteboy · perlremotemultiple

https://www.exploit-db.com/exploits/4530

View Code ZIP pw:eip

References (72)

[Various Sources] http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html

[Various Sources] http://issues.apache.org/jira/browse/GERONIMO-3549

[Mailing List] http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

[Mailing List] http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

[Various Sources] http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E

[Mailing List] http://marc.info/?l=bugtraq&m=139344343412337&w=2

[Exploit] http://marc.info/?l=full-disclosure&m=119239530508382

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2008-0630.html

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

[Vendor Advisory] http://support.apple.com/kb/HT2163

[Vendor Advisory] http://support.apple.com/kb/HT3216

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

[Various Sources] http://tomcat.apache.org/security-4.html

[Various Sources] http://tomcat.apache.org/security-5.html

[Various Sources] http://tomcat.apache.org/security-6.html

[Various Sources] http://www-1.ibm.com/support/docview.wss?uid=swg21286112

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2007:241

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2009:136

... and 52 more

Scores

EPSS 0.0627

EPSS Percentile 91.0%

Details

CWE

CWE-22

Status published

Products (45)

apache/tomcat 4.0.0

apache/tomcat 4.0.1

apache/tomcat 4.0.2

apache/tomcat 4.0.3

apache/tomcat 4.0.4

apache/tomcat 4.0.5

apache/tomcat 4.0.6

apache/tomcat 4.1.0

apache/tomcat 4.1.1

apache/tomcat 4.1.2

... and 35 more

Published Oct 15, 2007

Tracked Since Feb 18, 2026