Lucene search

[email protected]NVD:CVE-2007-5461

HistoryOct 15, 2007 - 6:17 p.m.

CVE-2007-5461

2007-10-1518:17:00

CWE-22

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.9%

JSON

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Affected configurations

NVD

Node

apachetomcatMatch4.0.0

apachetomcatMatch4.0.1

apachetomcatMatch4.0.2

apachetomcatMatch4.0.3

apachetomcatMatch4.0.4

apachetomcatMatch4.0.5

apachetomcatMatch4.0.6

apachetomcatMatch4.1.0

apachetomcatMatch4.1.1

apachetomcatMatch4.1.2

apachetomcatMatch4.1.3

apachetomcatMatch4.1.4

apachetomcatMatch4.1.5

apachetomcatMatch4.1.6

apachetomcatMatch4.1.7

apachetomcatMatch4.1.8

apachetomcatMatch4.1.9

apachetomcatMatch4.1.10

apachetomcatMatch4.1.11

apachetomcatMatch4.1.12

apachetomcatMatch4.1.13

apachetomcatMatch4.1.14

apachetomcatMatch4.1.15

apachetomcatMatch4.1.16

apachetomcatMatch4.1.17

apachetomcatMatch4.1.18

apachetomcatMatch4.1.19

apachetomcatMatch4.1.20

apachetomcatMatch4.1.21

apachetomcatMatch4.1.22

apachetomcatMatch4.1.23

apachetomcatMatch4.1.24

apachetomcatMatch4.1.25

apachetomcatMatch4.1.26

apachetomcatMatch4.1.27

apachetomcatMatch4.1.28

apachetomcatMatch4.1.29

apachetomcatMatch4.1.30

apachetomcatMatch4.1.31

apachetomcatMatch4.1.32

apachetomcatMatch4.1.33

apachetomcatMatch4.1.34

apachetomcatMatch4.1.35

apachetomcatMatch4.1.36

References

geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html

issues.apache.org/jira/browse/GERONIMO-3549

lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E

marc.info/?l=bugtraq&m=139344343412337&w=2

marc.info/?l=full-disclosure&m=119239530508382

rhn.redhat.com/errata/RHSA-2008-0630.html

secunia.com/advisories/27398

secunia.com/advisories/27446

secunia.com/advisories/27481

secunia.com/advisories/27727

secunia.com/advisories/28317

secunia.com/advisories/28361

secunia.com/advisories/29242

secunia.com/advisories/29313

secunia.com/advisories/29711

secunia.com/advisories/30676

secunia.com/advisories/30802

secunia.com/advisories/30899

secunia.com/advisories/30908

secunia.com/advisories/31493

secunia.com/advisories/32120

secunia.com/advisories/32222

secunia.com/advisories/32266

secunia.com/advisories/37460

secunia.com/advisories/57126

security.gentoo.org/glsa/glsa-200804-10.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

support.apple.com/kb/HT2163

support.apple.com/kb/HT3216

support.avaya.com/elmodocs2/security/ASA-2008-401.htm

tomcat.apache.org/security-4.html

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www-1.ibm.com/support/docview.wss?uid=swg21286112

www.debian.org/security/2008/dsa-1447

www.debian.org/security/2008/dsa-1453

www.mandriva.com/security/advisories?name=MDKSA-2007:241

www.mandriva.com/security/advisories?name=MDVSA-2009:136

www.redhat.com/support/errata/RHSA-2008-0042.html

www.redhat.com/support/errata/RHSA-2008-0195.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.redhat.com/support/errata/RHSA-2008-0862.html

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/26070

www.securityfocus.com/bid/31681

www.securitytracker.com/id?1018864

www.vmware.com/security/advisories/VMSA-2008-0010.html

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2007/3622

www.vupen.com/english/advisories/2007/3671

www.vupen.com/english/advisories/2007/3674

www.vupen.com/english/advisories/2008/1856/references

www.vupen.com/english/advisories/2008/1979/references

www.vupen.com/english/advisories/2008/1981/references

www.vupen.com/english/advisories/2008/2780

www.vupen.com/english/advisories/2008/2823

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/37243

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202

www.exploit-db.com/exploits/4530

www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.9%

JSON

Related for NVD:CVE-2007-5461

cve2 ubuntucve2 veracode1 cvelist2 checkpoint_advisories1 osv3 seebug1 prion2 github1 nessus31 openvas29 redhatcve1 centos1 redhat7 oraclelinux1 nvd1 debian2 tomcat3 gentoo1 fedora5 altlinux1 vmware4 ibm1