GitHub Advisory DatabaseGHSA-V5P2-VG3C-PMRRApache Tomcat Path Traversal Vulnerability
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
79.6%
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
References
geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
issues.apache.org/jira/browse/GERONIMO-3549
lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%[email protected]%3E
marc.info/?l=bugtraq&m=139344343412337&w=2
marc.info/?l=full-disclosure&m=119239530508382
rhn.redhat.com/errata/RHSA-2008-0630.html
security.gentoo.org/glsa/glsa-200804-10.xml
support.apple.com/kb/HT2163
support.apple.com/kb/HT3216
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.debian.org/security/2008/dsa-1447
www.debian.org/security/2008/dsa-1453
www.redhat.com/support/errata/RHSA-2008-0042.html
www.redhat.com/support/errata/RHSA-2008-0195.html
www.redhat.com/support/errata/RHSA-2008-0261.html
www.redhat.com/support/errata/RHSA-2008-0862.html
exchange.xforce.ibmcloud.com/vulnerabilities/37243
github.com/advisories/GHSA-v5p2-vg3c-pmrr
github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c
github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2007-5461
www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
Related
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
79.6%