Launchpad.net

CVE 2007-5461

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Related bugs and status

CVE-2007-5461 (Candidate) is related to these bugs:

Bug #175505: [tomcat5] multiple vulnerabilities

		In	Importance	Status
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Dapper)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Edgy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Feisty)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu)	Undecided	Fix Released
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Dapper)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Edgy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Feisty)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Gutsy)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Gutsy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Hardy)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Hardy)	Undecided	Fix Released

Bug #179491: please merge tomcat5.5 (5.5.25-5) from Debian unstable (main)

Summary				In	Importance	Status
	179491	please merge tomcat5.5 (5.5.25-5) from Debian unstable (main)		tomcat5.5 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 26070
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
SECUNIA: 27398
SECTRACK: 1018864
MLIST: [tomcat-users] 2007101...
CONFIRM: http://geronimo.apache...
CONFIRM: http://www-1.ibm.com/s...
SECUNIA: 27446
SECUNIA: 27481
MISC: http://issues.apache.o...
FEDORA: FEDORA-2007-3456
SECUNIA: 27727
MANDRIVA: MDKSA-2007:241
DEBIAN: DSA-1447
DEBIAN: DSA-1453
SECUNIA: 28317
SECUNIA: 28361
SUSE: SUSE-SR:2008:005
SECUNIA: 29242
REDHAT: RHSA-2008:0042
SECUNIA: 29313
GENTOO: GLSA-200804-10
SECUNIA: 29711
REDHAT: RHSA-2008:0195
REDHAT: RHSA-2008:0261
CONFIRM: http://www.vmware.com/...
SECUNIA: 30676
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2008-06-30
SUNALERT: 239312
SECUNIA: 30802
SECUNIA: 30908
SECUNIA: 30899
REDHAT: RHSA-2008:0630
SECUNIA: 31493
REDHAT: RHSA-2008:0862
APPLE: APPLE-SA-2008-10-09
BID: 31681
CONFIRM: http://support.apple.c...
SECUNIA: 32222
CONFIRM: http://support.avaya.c...
SUSE: SUSE-SR:2009:004
SECUNIA: 32120
SECUNIA: 32266
MANDRIVA: MDVSA-2009:136
CONFIRM: http://www.vmware.com/...
SECUNIA: 37460
VUPEN: ADV-2009-3316
VUPEN: ADV-2007-3622
VUPEN: ADV-2007-3671
VUPEN: ADV-2007-3674
VUPEN: ADV-2008-1856
VUPEN: ADV-2008-1981
VUPEN: ADV-2008-1979
VUPEN: ADV-2008-2823
VUPEN: ADV-2008-2780
SECUNIA: 57126
FULLDISC: 20071014 Apache Tomcat...
HP: HPSBST02955
XF: apache-tomcat-webdav-d...
EXPLOIT-DB: 4530
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20091120 VMSA-2009-001...
MLIST: [tomcat-dev] 20190319 ...
MLIST: [tomcat-dev] 20190319 ...
MLIST: [tomcat-dev] 20190325 ...
MLIST: [tomcat-dev] 20190325 ...
MLIST: [tomcat-dev] 20200203 ...
MLIST: [tomcat-dev] 20200213 ...
MLIST: [tomcat-dev] 20200213 ...