Vulnerability Details : CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
The "entity with a SYSTEM tag" is an external XML entity declared in the DOCTYPE of the WebDAV request body. The WebDAV servlet's XML parser resolved such entities, so a reference to an entity whose system identifier is a file: URI pulls that file's content into the parsed document and discloses it to the requester. Any file readable by the Tomcat process is reachable, irrespective of the web application's document root, configuration files holding credentials included. Mechanically this is an XML external entity (XXE) issue; NVD files it under path traversal because the outcome is a file read outside the restricted directory. The summary above names only 4.1.0, while the product list below enumerates 4.1.0 through 4.1.36 (and contains no 5.x or 6.x entries); treat 4.1.0 through 4.1.36 as affected alongside the other ranges in the summary. The Tomcat project's own advisory (referenced below) rated the issue Important; the first releases outside the affected ranges are 4.1.37, 5.5.26 and 6.0.15. Where an upgrade must wait, the preconditions in the summary ("write request", "certain configurations") point at the stopgap: do not expose the WebDAV servlet, or keep its readonly init-param at its default of true so that write requests are refused.
Vulnerability category: Directory traversal
Products affected by CVE-2007-5461
- cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*
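A triage helper for this CVE, as an added example (not code from this page or from the Tomcat project): it checks a Tomcat version string against the affected ranges in the description above, inspects a web application's web.xml to see whether Tomcat's WebDAV servlet is declared, URL-mapped and writable, and pre-scans a WebDAV request body for the kind of external entity declaration the description mentions. The servlet class name org.apache.catalina.servlets.WebdavServlet and its readonly init-param are Tomcat's documented WebDAV configuration; the 4.1.x range is taken from the product list above; the sample web.xml and request body are constructed for the demonstration and do not reproduce the original report's payload.

```python
"""Triage helpers for CVE-2007-5461: Tomcat WebDAV external-entity file read.

Added example, not code from the CVE page or the Tomcat project. The affected
ranges follow the NVD summary, with 4.1.x extended to 4.1.36 as in the product
list; the web.xml and request body below are constructed sample input.
"""
import re
import xml.etree.ElementTree as ET

# Inclusive (low, high) version ranges the CVE names as affected.
AFFECTED_RANGES = (
    ((4, 0, 0), (4, 0, 6)),
    ((4, 1, 0), (4, 1, 36)),
    ((5, 0, 0), (5, 0, 0)),
    ((5, 5, 0), (5, 5, 25)),
    ((6, 0, 0), (6, 0, 14)),
)

WEBDAV_CLASS = "org.apache.catalina.servlets.WebdavServlet"

# Matches an external general or parameter entity declaration in a DTD
# internal subset, e.g. <!ENTITY x SYSTEM "file:///etc/passwd">.
EXTERNAL_ENTITY = re.compile(
    rb"<!ENTITY\s+(?:%\s*)?[^\s>]+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE
)


def parse_version(version: str) -> tuple:
    """'6.0.14' -> (6, 0, 14); distro suffixes such as '5.5.25-1jpp' are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % version)
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def _local(elem) -> str:
    """Tag name without the web-app namespace, so 2.3 and 2.4+ descriptors both work."""
    return elem.tag.rsplit("}", 1)[-1]


def _child_text(elem, name: str) -> str:
    for child in elem:
        if _local(child) == name and child.text:
            return child.text.strip()
    return ""


def webdav_servlet_status(web_xml: str) -> dict:
    """Is Tomcat's WebDAV servlet declared, URL-mapped, and writable in this web.xml?"""
    root = ET.fromstring(web_xml)
    status = {"declared": False, "mapped": False, "readonly": True}  # readonly defaults to true
    dav_names = set()
    for elem in root:
        if _local(elem) == "servlet" and _child_text(elem, "servlet-class") == WEBDAV_CLASS:
            status["declared"] = True
            dav_names.add(_child_text(elem, "servlet-name"))
            for param in elem:
                if _local(param) == "init-param" and _child_text(param, "param-name") == "readonly":
                    status["readonly"] = _child_text(param, "param-value").lower() != "false"
    for elem in root:
        if _local(elem) == "servlet-mapping" and _child_text(elem, "servlet-name") in dav_names:
            status["mapped"] = True
    return status


def has_external_entity(body: bytes) -> bool:
    """Cheap pre-parse check: does a WebDAV XML body declare a SYSTEM/PUBLIC entity?"""
    return EXTERNAL_ENTITY.search(body) is not None


def triage(version: str, web_xml: str) -> str:
    """One-line verdict combining the version check with the servlet configuration."""
    if not is_affected(version):
        return "not affected: Tomcat %s is outside the affected ranges" % version
    s = webdav_servlet_status(web_xml)
    if not (s["declared"] and s["mapped"]):
        return "affected release, but the WebDAV servlet is not exposed; upgrade"
    if s["readonly"]:
        return "affected release, WebDAV exposed read-only; write requests are refused, upgrade"
    return "VULNERABLE: affected release with a writable WebDAV servlet; set readonly=true now and upgrade"


# Constructed sample input: a writable WebDAV servlet mapped under /webdav/*.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet>
    <servlet-name>webdav</servlet-name>
    <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>webdav</servlet-name>
    <url-pattern>/webdav/*</url-pattern>
  </servlet-mapping>
</web-app>"""

# Constructed sample body with an external entity; not a reproduction of the original report.
SAMPLE_BODY = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE propfind [ <!ENTITY x SYSTEM "file:///etc/passwd"> ]>\n'
    b'<D:propfind xmlns:D="DAV:"><D:prop><D:displayname>&x;</D:displayname></D:prop></D:propfind>'
)

if __name__ == "__main__":
    print(triage("5.5.25", SAMPLE_WEB_XML))
    print("body declares external entity:", has_external_entity(SAMPLE_BODY))
```

The body check is deliberately a byte-level pre-scan rather than a parse: the point is to refuse or flag a DOCTYPE with external entities before any XML parser sees it, which is also the shape of the permanent fix in a servlet (disable DTD processing or entity expansion in the parser factory). The version check treats a missing 5.x/6.x product entry as irrelevant and follows the description's ranges instead.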
Threat overview for CVE-2007-5461
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2007-5461: 1,359
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-5461
- EPSS score: 8.60% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~95% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2007-5461
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N | 6.8 | 2.9 | NIST |
The vector is CVSS v2: reachable over the network (AV:N) with medium access complexity (AC:M), a single authentication required (Au:S), partial confidentiality impact (C:P) and no integrity or availability impact. The authentication requirement and the configuration precondition keep the base score low, but an authenticated WebDAV user on a vulnerable instance can read any file the Tomcat process can read, which is why the Tomcat project rated the issue Important rather than Low.
CWE ids for CVE-2007-5461
- Assigned by nvd@nist.gov (Primary): The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
References for CVE-2007-5461
- http://www.debian.org/security/2008/dsa-1447 (Debian DSA-1447-1 tomcat5.5)
- http://www.vupen.com/english/advisories/2007/3671 (VUPEN advisory 2007/3671)
- http://www.vmware.com/security/advisories/VMSA-2008-0010.html (VMSA-2008-0010.3)
- http://tomcat.apache.org/security-5.html (Apache Tomcat 5 vulnerabilities)
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E (svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/, dev.tomcat.apache.org)
- https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E (svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/, dev.tomcat.apache.org)
- http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E ([Security] - Important vulnerability disclosed in Apache Tomcat webdav servlet, tomcat-users, October 2007)
- http://marc.info/?l=bugtraq&m=139344343412337&w=2 ([security bulletin] HPSBST02955 rev.1 - HP XP P9000 Performance Advisor Software, 3rd party Software)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 (Sun document 239312)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37243 (IBM X-Force vulnerability report 37243)
- http://tomcat.apache.org/security-4.html (Apache Tomcat 4.x vulnerabilities)
- http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html (Apache Geronimo: Potential vulnerability in Apache Tomcat Webdav servlet)
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html (VMSA-2009-0016.6)
- http://issues.apache.org/jira/browse/GERONIMO-3549 ([GERONIMO-3549] Potential vulnerability in Apache Tomcat Webdav servlet, ASF JIRA)
- http://www.vupen.com/english/advisories/2009/3316 (VUPEN advisory 2009/3316)
- http://tomcat.apache.org/security-6.html (Apache Tomcat 6 vulnerabilities)
- http://www.vupen.com/english/advisories/2007/3622 (VUPEN advisory 2007/3622)
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E (dev.tomcat.apache.org thread)
- http://security.gentoo.org/glsa/glsa-200804-10.xml (GLSA 200804-10: Tomcat: Multiple vulnerabilities)
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E (dev.tomcat.apache.org thread)
- http://rhn.redhat.com/errata/RHSA-2008-0630.html (RHSA-2008:0630)
- http://www.vupen.com/english/advisories/2008/1856/references (VUPEN advisory 2008/1856)
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html (SUSE Security Summary Report SUSE-SR:2008:005)
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html (Apple security-announce, October 2008)
- http://www.vupen.com/english/advisories/2007/3674 (VUPEN advisory 2007/3674)
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html (Apple security-announce, June 2008)
- http://www.debian.org/security/2008/dsa-1453 (Debian DSA-1453-1 tomcat5)
- http://www.vupen.com/english/advisories/2008/1981/references (VUPEN advisory 2008/1981)
- http://support.apple.com/kb/HT2163 (About the security content of Security Update 2008-004 and Mac OS X 10.5.4)
- https://www.exploit-db.com/exploits/4530 (Exploit-DB 4530)
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E (svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/, dev.tomcat.apache.org)
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html ([SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7)
- http://www.vupen.com/english/advisories/2008/1979/references (VUPEN advisory 2008/1979)
- https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E (svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/, dev.tomcat.apache.org)
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:136 (MDVSA-2009:136)
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html (SUSE Security Summary Report SUSE-SR:2009:004)
- http://www.vupen.com/english/advisories/2008/2823 (VUPEN advisory 2008/2823)
- http://marc.info/?l=full-disclosure&m=119239530508382 ([Full-disclosure] Apache Tomcat Rem0Te FiLe DiscloSure ZeroDay, MARC; exploit)
- http://www.redhat.com/support/errata/RHSA-2008-0042.html (RHSA-2008:0042)
- https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E (svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/, dev.tomcat.apache.org)
- http://www.redhat.com/support/errata/RHSA-2008-0195.html (RHSA-2008:0195)
- http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm (ASA-2008-401 (RHSA-2008-0862))
- http://www.securityfocus.com/bid/26070 (SecurityFocus BID 26070)
- http://www.vupen.com/english/advisories/2008/2780 (VUPEN advisory 2008/2780)
- http://www.securitytracker.com/id?1018864 (SecurityTracker 1018864)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202 (OVAL definition oval:org.mitre.oval:def:9202)
- http://www.securityfocus.com/archive/1/507985/100/0/threaded (SecurityFocus Bugtraq archive 507985)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:241 (MDKSA-2007:241)
- http://support.apple.com/kb/HT3216 (About Security Update 2008-007)
- http://www-1.ibm.com/support/docview.wss?uid=swg21286112 (IBM support document swg21286112)
- http://www.redhat.com/support/errata/RHSA-2008-0862.html (RHSA-2008:0862)
- http://www.redhat.com/support/errata/RHSA-2008-0261.html (RHSA-2008:0261)
- http://www.securityfocus.com/bid/31681 (SecurityFocus BID 31681)