Lucene search

K
cve[email protected]CVE-2007-5461
HistoryOct 15, 2007 - 6:17 p.m.

CVE-2007-5461

2007-10-1518:17:00
CWE-22
web.nvd.nist.gov
137
cve-2007-5461
apache tomcat
path traversal
vulnerability
nvd
remote authenticated users
webdav
system tag

4.8 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.6%

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

References

4.8 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.6%