AI Score: 4.8 Medium (Confidence: High)

CVSS2: 3.5 Low
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
CVSS2 vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

EPSS: 0.007 Low (Percentile: 79.6%)

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
issues.apache.org/jira/browse/GERONIMO-3549
lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E
marc.info/?l=bugtraq&m=139344343412337&w=2
marc.info/?l=full-disclosure&m=119239530508382
rhn.redhat.com/errata/RHSA-2008-0630.html
secunia.com/advisories/27398
secunia.com/advisories/27446
secunia.com/advisories/27481
secunia.com/advisories/27727
secunia.com/advisories/28317
secunia.com/advisories/28361
secunia.com/advisories/29242
secunia.com/advisories/29313
secunia.com/advisories/29711
secunia.com/advisories/30676
secunia.com/advisories/30802
secunia.com/advisories/30899
secunia.com/advisories/30908
secunia.com/advisories/31493
secunia.com/advisories/32120
secunia.com/advisories/32222
secunia.com/advisories/32266
secunia.com/advisories/37460
secunia.com/advisories/57126
security.gentoo.org/glsa/glsa-200804-10.xml
sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
support.apple.com/kb/HT2163
support.apple.com/kb/HT3216
support.avaya.com/elmodocs2/security/ASA-2008-401.htm
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www-1.ibm.com/support/docview.wss?uid=swg21286112
www.debian.org/security/2008/dsa-1447
www.debian.org/security/2008/dsa-1453
www.mandriva.com/security/advisories?name=MDKSA-2007:241
www.mandriva.com/security/advisories?name=MDVSA-2009:136
www.redhat.com/support/errata/RHSA-2008-0042.html
www.redhat.com/support/errata/RHSA-2008-0195.html
www.redhat.com/support/errata/RHSA-2008-0261.html
www.redhat.com/support/errata/RHSA-2008-0862.html
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/26070
www.securityfocus.com/bid/31681
www.securitytracker.com/id?1018864
www.vmware.com/security/advisories/VMSA-2008-0010.html
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2007/3622
www.vupen.com/english/advisories/2007/3671
www.vupen.com/english/advisories/2007/3674
www.vupen.com/english/advisories/2008/1856/references
www.vupen.com/english/advisories/2008/1979/references
www.vupen.com/english/advisories/2008/1981/references
www.vupen.com/english/advisories/2008/2780
www.vupen.com/english/advisories/2008/2823
www.vupen.com/english/advisories/2009/3316
exchange.xforce.ibmcloud.com/vulnerabilities/37243
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
www.exploit-db.com/exploits/4530
www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html