Lucene search

PRIOn knowledge basePRION:CVE-2007-5461

HistoryOct 15, 2007 - 6:17 p.m.

Path traversal

2007-10-1518:17:00

PRIOn knowledge base

www.prio-n.com

4 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

CPENameOperatorVersion
tomcateq4.1.2
tomcateq4.0.4
tomcateq4.1.35
tomcateq4.1.36
tomcateq4.1.21
tomcateq4.1.24
tomcateq4.1.25
tomcateq4.1.4
tomcateq4.1.27
tomcateq4.1.30

Name	Operator	Version
tomcat	eq	4.1.2
tomcat	eq	4.0.4
tomcat	eq	4.1.35
tomcat	eq	4.1.36
tomcat	eq	4.1.21
tomcat	eq	4.1.24
tomcat	eq	4.1.25
tomcat	eq	4.1.4
tomcat	eq	4.1.27
tomcat	eq	4.1.30

Rows per page:

1-10 of 441

References

geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html

issues.apache.org/jira/browse/GERONIMO-3549

lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E

rhn.redhat.com/errata/RHSA-2008-0630.html

secunia.com/advisories/27398

secunia.com/advisories/27446

secunia.com/advisories/27481

secunia.com/advisories/27727

secunia.com/advisories/28317

secunia.com/advisories/28361

secunia.com/advisories/29242

secunia.com/advisories/29313

secunia.com/advisories/29711

secunia.com/advisories/30676

secunia.com/advisories/30802

secunia.com/advisories/30899

secunia.com/advisories/30908

secunia.com/advisories/31493

secunia.com/advisories/32120

secunia.com/advisories/32222

secunia.com/advisories/32266

secunia.com/advisories/37460

secunia.com/advisories/57126

security.gentoo.org/glsa/glsa-200804-10.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

support.apple.com/kb/HT2163

support.apple.com/kb/HT3216

support.avaya.com/elmodocs2/security/ASA-2008-401.htm

tomcat.apache.org/security-4.html

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www-1.ibm.com/support/docview.wss?uid=swg21286112

www.debian.org/security/2008/dsa-1447

www.debian.org/security/2008/dsa-1453

www.mandriva.com/security/advisories?name=MDKSA-2007:241

www.mandriva.com/security/advisories?name=MDVSA-2009:136

www.redhat.com/support/errata/RHSA-2008-0042.html

www.redhat.com/support/errata/RHSA-2008-0195.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.redhat.com/support/errata/RHSA-2008-0862.html

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/26070

www.securityfocus.com/bid/31681

www.securitytracker.com/id?1018864

www.vmware.com/security/advisories/VMSA-2008-0010.html

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2007/3622

www.vupen.com/english/advisories/2007/3671

www.vupen.com/english/advisories/2007/3674

www.vupen.com/english/advisories/2008/1856/references

www.vupen.com/english/advisories/2008/1979/references

www.vupen.com/english/advisories/2008/1981/references

www.vupen.com/english/advisories/2008/2780

www.vupen.com/english/advisories/2008/2823

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/37243

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

marc.info/?l=bugtraq&m=139344343412337&w=2

marc.info/?l=full-disclosure&m=119239530508382

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202

www.exploit-db.com/exploits/4530

www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html

4 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for PRION:CVE-2007-5461