fkie_cve-2007-5461
Vulnerability from fkie_nvd
Published
2007-10-15 18:17
Modified
2025-04-09 00:30
Severity ?
Summary
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
References
secalert@redhat.comhttp://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
secalert@redhat.comhttp://issues.apache.org/jira/browse/GERONIMO-3549
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secalert@redhat.comhttp://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=139344343412337&w=2
secalert@redhat.comhttp://marc.info/?l=full-disclosure&m=119239530508382Exploit
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2008-0630.html
secalert@redhat.comhttp://secunia.com/advisories/27398
secalert@redhat.comhttp://secunia.com/advisories/27446
secalert@redhat.comhttp://secunia.com/advisories/27481
secalert@redhat.comhttp://secunia.com/advisories/27727
secalert@redhat.comhttp://secunia.com/advisories/28317
secalert@redhat.comhttp://secunia.com/advisories/28361
secalert@redhat.comhttp://secunia.com/advisories/29242
secalert@redhat.comhttp://secunia.com/advisories/29313
secalert@redhat.comhttp://secunia.com/advisories/29711
secalert@redhat.comhttp://secunia.com/advisories/30676
secalert@redhat.comhttp://secunia.com/advisories/30802
secalert@redhat.comhttp://secunia.com/advisories/30899
secalert@redhat.comhttp://secunia.com/advisories/30908
secalert@redhat.comhttp://secunia.com/advisories/31493
secalert@redhat.comhttp://secunia.com/advisories/32120
secalert@redhat.comhttp://secunia.com/advisories/32222
secalert@redhat.comhttp://secunia.com/advisories/32266
secalert@redhat.comhttp://secunia.com/advisories/37460
secalert@redhat.comhttp://secunia.com/advisories/57126
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200804-10.xml
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
secalert@redhat.comhttp://support.apple.com/kb/HT2163
secalert@redhat.comhttp://support.apple.com/kb/HT3216
secalert@redhat.comhttp://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
secalert@redhat.comhttp://tomcat.apache.org/security-4.html
secalert@redhat.comhttp://tomcat.apache.org/security-5.html
secalert@redhat.comhttp://tomcat.apache.org/security-6.html
secalert@redhat.comhttp://www-1.ibm.com/support/docview.wss?uid=swg21286112
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1447
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1453
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:241
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:136
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0042.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0195.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0261.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0862.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/507985/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/26070
secalert@redhat.comhttp://www.securityfocus.com/bid/31681
secalert@redhat.comhttp://www.securitytracker.com/id?1018864
secalert@redhat.comhttp://www.vmware.com/security/advisories/VMSA-2008-0010.html
secalert@redhat.comhttp://www.vmware.com/security/advisories/VMSA-2009-0016.html
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/3622
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/3671
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/3674
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/1856/references
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/1979/references
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/1981/references
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/2780
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/2823
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/3316
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/37243
secalert@redhat.comhttps://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
secalert@redhat.comhttps://www.exploit-db.com/exploits/4530
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
af854a3a-2127-422b-91ae-364da2661108http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
af854a3a-2127-422b-91ae-364da2661108http://issues.apache.org/jira/browse/GERONIMO-3549
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=139344343412337&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=full-disclosure&m=119239530508382Exploit
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2008-0630.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27398
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27446
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27481
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27727
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28317
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28361
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29242
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29313
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29711
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30676
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30802
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30899
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30908
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31493
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32120
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32222
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32266
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37460
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57126
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200804-10.xml
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT2163
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3216
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-4.html
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-5.html
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-6.html
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21286112
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1447
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1453
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0042.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0195.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0261.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0862.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26070
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31681
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018864
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2008-0010.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3622
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3671
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3674
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1856/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1979/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1981/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2780
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2823
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3316
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/4530
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
Impacted products
Vendor Product Version
apache tomcat 4.0.0
apache tomcat 4.0.1
apache tomcat 4.0.2
apache tomcat 4.0.3
apache tomcat 4.0.4
apache tomcat 4.0.5
apache tomcat 4.0.6
apache tomcat 4.1.0
apache tomcat 4.1.1
apache tomcat 4.1.2
apache tomcat 4.1.3
apache tomcat 4.1.4
apache tomcat 4.1.5
apache tomcat 4.1.6
apache tomcat 4.1.7
apache tomcat 4.1.8
apache tomcat 4.1.9
apache tomcat 4.1.10
apache tomcat 4.1.11
apache tomcat 4.1.12
apache tomcat 4.1.13
apache tomcat 4.1.14
apache tomcat 4.1.15
apache tomcat 4.1.16
apache tomcat 4.1.17
apache tomcat 4.1.18
apache tomcat 4.1.19
apache tomcat 4.1.20
apache tomcat 4.1.21
apache tomcat 4.1.22
apache tomcat 4.1.23
apache tomcat 4.1.24
apache tomcat 4.1.25
apache tomcat 4.1.26
apache tomcat 4.1.27
apache tomcat 4.1.28
apache tomcat 4.1.29
apache tomcat 4.1.30
apache tomcat 4.1.31
apache tomcat 4.1.32
apache tomcat 4.1.33
apache tomcat 4.1.34
apache tomcat 4.1.35
apache tomcat 4.1.36


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "914E1404-01A2-4F94-AA40-D5EA20F55AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FB1106-B26D-45BE-A511-8E69131BBA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "401A213A-FED3-49C0-B823-2E02EA528905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFE5AD8-DB14-4632-9D2A-F2013579CA7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7641278D-3B8B-4CD2-B284-2047B65514A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7B9911-E836-4A96-A0E8-D13C957EC0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2341C51-A239-4A4A-B0DC-30F18175442C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E300013-0CE7-4313-A553-74A6A247B3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D7414-8D0C-45D6-8E87-679DF0201D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CFD9CA-1878-4C74-A9BD-5D581736E6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "02860646-1D72-4D9A-AE2A-5868C8EDB3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE4B9B5-9C2E-47E1-9483-88A17264594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE92A9B-4B8C-468E-9162-A56ED5313E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE21D455-5B38-4B07-8E25-4EE782501EB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9AE125C-EB8E-4D33-BB64-1E2AEE18BF81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "47588ABB-FCE6-478D-BEAD-FC9A0C7D66DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92F3744-C8F9-4E29-BF1A-25E03A32F2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "084B3227-FE22-43E3-AE06-7BB257018690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D536FF4-7582-4351-ABE3-876E20F8E7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB43F47F-5BF9-43A0-BF0E-451B4A8F7137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DDD82E-5D83-4581-B2F3-F12655BBF817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0F0C91-171E-421D-BE86-11567DEFC7BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22D2621-D305-43CE-B00D-9A7563B061F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F4245BA-B05C-49DE-B2E0-1E588209ED3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "8633532B-9785-4259-8840-B08529E20DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9BD7E-FCC2-404B-A057-1A10997DAFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F935ED72-58F4-49C1-BD9F-5473E0B9D8CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EA52901-2D16-4F7E-BF5E-780B42A55D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A79DA2C-35F3-47DE-909B-8D8D1AE111C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BF6952D-6308-4029-8B63-0BD9C648C60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "94941F86-0BBF-4F30-8F13-FB895A11ED69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "17522878-4266-432A-859D-C02096C8AC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "951FFCD7-EAC2-41E6-A53B-F90C540327E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1F2738-C7D6-4206-9227-43F464887FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "98EEB6F2-A721-45CF-A856-0E01B043C317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FDE602-A56A-477E-B704-41AF92EEBB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A28B11A-3BC7-41BC-8970-EE075B029F5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de ruta absoluta en Apache Tomcat 4.0.0 hasta la versi\u00f3n 4.0.6, 4.1.0, 5.0.0, 5.5.0 hasta la versi\u00f3n 5.5.25 y 6.0.0 hasta la versi\u00f3n 6.0.14, bajo determinadas configuraciones, permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de una petici\u00f3n de escritura WebDAV que especifica una entidad con una etiqueta SYSTEM."
    }
  ],
  "id": "CVE-2007-5461",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-15T18:17:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://issues.apache.org/jira/browse/GERONIMO-3549"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=full-disclosure\u0026m=119239530508382"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27398"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27446"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27481"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27727"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/28317"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/28361"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29313"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29711"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30676"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30899"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30908"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31493"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32120"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32266"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37460"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57126"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21286112"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1447"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1453"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/26070"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1018864"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/3622"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/3671"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/3674"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1856/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1979/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2823"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.exploit-db.com/exploits/4530"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://issues.apache.org/jira/browse/GERONIMO-3549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=full-disclosure\u0026m=119239530508382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21286112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1856/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1979/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.