3.5
CVSSv2

CVE-2007-5461

Published: 15/10/2007 Updated: 25/03/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 360
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 up to and including 4.0.6, 4.1.0, 5.0.0, 5.5.0 up to and including 5.5.25, and 6.0.0 up to and including 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vendor Advisories

Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic Updated tomcat packages that fix several security issues are now availablefor Red Hat Application Server v2This update has been rated as having important security impact by the RedHat Security Response Team ...

Exploits

#!/usr/bin/perl #================================================================ # Apache Tomcat Remote File Disclosure Zeroday Xploit - With support for SSL # MoDiFiEd version by : h3rcul3s # ORiGiNaL Version by : kcdarookie aka eliteb0y / 2007 milw0rmorg/exploits/4530 # MoDiFiCaTiOn : This code is useble against targets over S ...
#!/usr/bin/perl #****************************************************** # Apache Tomcat Remote File Disclosure Zeroday Xploit # kcdarookie aka eliteb0y / 2007 # # thanx to the whole team & andi :) # +++KEEP PRIV8+++ # # This Bug may reside in different WebDav implementations, # Warp your mind! # +You will need auth for the exploit to work #* ...

References

CWE-22http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.htmlhttp://issues.apache.org/jira/browse/GERONIMO-3549http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3Ehttp://marc.info/?l=bugtraq&m=139344343412337&w=2http://marc.info/?l=full-disclosure&m=119239530508382http://rhn.redhat.com/errata/RHSA-2008-0630.htmlhttp://secunia.com/advisories/27398http://secunia.com/advisories/27446http://secunia.com/advisories/27481http://secunia.com/advisories/27727http://secunia.com/advisories/28317http://secunia.com/advisories/28361http://secunia.com/advisories/29242http://secunia.com/advisories/29313http://secunia.com/advisories/29711http://secunia.com/advisories/30676http://secunia.com/advisories/30802http://secunia.com/advisories/30899http://secunia.com/advisories/30908http://secunia.com/advisories/31493http://secunia.com/advisories/32120http://secunia.com/advisories/32222http://secunia.com/advisories/32266http://secunia.com/advisories/37460http://secunia.com/advisories/57126http://security.gentoo.org/glsa/glsa-200804-10.xmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1http://support.apple.com/kb/HT2163http://support.apple.com/kb/HT3216http://support.avaya.com/elmodocs2/security/ASA-2008-401.htmhttp://tomcat.apache.org/security-4.htmlhttp://tomcat.apache.org/security-5.htmlhttp://tomcat.apache.org/security-6.htmlhttp://www.debian.org/security/2008/dsa-1447http://www.debian.org/security/2008/dsa-1453http://www.mandriva.com/security/advisories?name=MDKSA-2007:241http://www.mandriva.com/security/advisories?name=MDVSA-2009:136http://www.redhat.com/support/errata/RHSA-2008-0042.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0195.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0261.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0862.htmlhttp://www.securityfocus.com/archive/1/507985/100/0/threadedhttp://www.securityfocus.com/bid/26070http://www.securityfocus.com/bid/31681http://www.securitytracker.com/id?1018864http://www.vmware.com/security/advisories/VMSA-2008-0010.htmlhttp://www.vmware.com/security/advisories/VMSA-2009-0016.htmlhttp://www.vupen.com/english/advisories/2007/3622http://www.vupen.com/english/advisories/2007/3671http://www.vupen.com/english/advisories/2007/3674http://www.vupen.com/english/advisories/2008/1856/referenceshttp://www.vupen.com/english/advisories/2008/1979/referenceshttp://www.vupen.com/english/advisories/2008/1981/referenceshttp://www.vupen.com/english/advisories/2008/2780http://www.vupen.com/english/advisories/2008/2823http://www.vupen.com/english/advisories/2009/3316http://www-1.ibm.com/support/docview.wss?uid=swg21286112https://exchange.xforce.ibmcloud.com/vulnerabilities/37243https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202https://www.exploit-db.com/exploits/4530https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.htmlhttps://access.redhat.com/errata/RHSA-2008:0862https://nvd.nist.govhttps://www.exploit-db.com/exploits/4552/https://www.rapid7.com/db/vulnerabilities/apache-tomcat-cve-2007-5342https://www.securityfocus.com/bid/26070