CVE-2007-5461: Path Traversal
First published: Mon Oct 15 2007(Updated: )
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Tomcat | =4.0.0 | |
| Apache Tomcat | =4.0.1 | |
| Apache Tomcat | =4.0.2 | |
| Apache Tomcat | =4.0.3 | |
| Apache Tomcat | =4.0.4 | |
| Apache Tomcat | =4.0.5 | |
| Apache Tomcat | =4.0.6 | |
| Apache Tomcat | =4.1.0 | |
| Apache Tomcat | =4.1.1 | |
| Apache Tomcat | =4.1.2 | |
| Apache Tomcat | =4.1.3 | |
| Apache Tomcat | =4.1.4 | |
| Apache Tomcat | =4.1.5 | |
| Apache Tomcat | =4.1.6 | |
| Apache Tomcat | =4.1.7 | |
| Apache Tomcat | =4.1.8 | |
| Apache Tomcat | =4.1.9 | |
| Apache Tomcat | =4.1.10 | |
| Apache Tomcat | =4.1.11 | |
| Apache Tomcat | =4.1.12 | |
| Apache Tomcat | =4.1.13 | |
| Apache Tomcat | =4.1.14 | |
| Apache Tomcat | =4.1.15 | |
| Apache Tomcat | =4.1.16 | |
| Apache Tomcat | =4.1.17 | |
| Apache Tomcat | =4.1.18 | |
| Apache Tomcat | =4.1.19 | |
| Apache Tomcat | =4.1.20 | |
| Apache Tomcat | =4.1.21 | |
| Apache Tomcat | =4.1.22 | |
| Apache Tomcat | =4.1.23 | |
| Apache Tomcat | =4.1.24 | |
| Apache Tomcat | =4.1.25 | |
| Apache Tomcat | =4.1.26 | |
| Apache Tomcat | =4.1.27 | |
| Apache Tomcat | =4.1.28 | |
| Apache Tomcat | =4.1.29 | |
| Apache Tomcat | =4.1.30 | |
| Apache Tomcat | =4.1.31 | |
| Apache Tomcat | =4.1.32 | |
| Apache Tomcat | =4.1.33 | |
| Apache Tomcat | =4.1.34 | |
| Apache Tomcat | =4.1.35 | |
| Apache Tomcat | =4.1.36 | |
| =4.0.0 | ||
| =4.0.1 | ||
| =4.0.2 | ||
| =4.0.3 | ||
| =4.0.4 | ||
| =4.0.5 | ||
| =4.0.6 | ||
| =4.1.0 | ||
| =4.1.1 | ||
| =4.1.2 | ||
| =4.1.3 | ||
| =4.1.4 | ||
| =4.1.5 | ||
| =4.1.6 | ||
| =4.1.7 | ||
| =4.1.8 | ||
| =4.1.9 | ||
| =4.1.10 | ||
| =4.1.11 | ||
| =4.1.12 | ||
| =4.1.13 | ||
| =4.1.14 | ||
| =4.1.15 | ||
| =4.1.16 | ||
| =4.1.17 | ||
| =4.1.18 | ||
| =4.1.19 | ||
| =4.1.20 | ||
| =4.1.21 | ||
| =4.1.22 | ||
| =4.1.23 | ||
| =4.1.24 | ||
| =4.1.25 | ||
| =4.1.26 | ||
| =4.1.27 | ||
| =4.1.28 | ||
| =4.1.29 | ||
| =4.1.30 | ||
| =4.1.31 | ||
| =4.1.32 | ||
| =4.1.33 | ||
| =4.1.34 | ||
| =4.1.35 | ||
| =4.1.36 | ||
| maven/org.apache.tomcat:tomcat | >=6.0.0<=6.0.14 | |
| maven/org.apache.tomcat:tomcat | >=5.5.0<=5.5.25 | |
| maven/org.apache.tomcat:tomcat | =5.0.0 | |
| maven/org.apache.tomcat:tomcat | =4.1.0 | |
| maven/org.apache.tomcat:tomcat | >=4.0.0<=4.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2007-5461
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
- http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
- http://issues.apache.org/jira/browse/GERONIMO-3549
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://marc.info/?l=full-disclosure&m=119239530508382
- http://rhn.redhat.com/errata/RHSA-2008-0630.html
- http://security.gentoo.org/glsa/glsa-200804-10.xml
- http://support.apple.com/kb/HT2163
- http://support.apple.com/kb/HT3216
- http://tomcat.apache.org/security-4.html
- http://tomcat.apache.org/security-5.html
- http://tomcat.apache.org/security-6.html
- http://www.debian.org/security/2008/dsa-1447
- http://www.debian.org/security/2008/dsa-1453
- http://www.redhat.com/support/errata/RHSA-2008-0042.html
- http://www.redhat.com/support/errata/RHSA-2008-0195.html
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://www.redhat.com/support/errata/RHSA-2008-0862.html
- https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c
- https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d
- https://github.com/advisories/GHSA-v5p2-vg3c-pmrr (Advisory)
- http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E
- http://secunia.com/advisories/27398
- http://secunia.com/advisories/27446
- http://secunia.com/advisories/27481
- http://secunia.com/advisories/27727
- http://secunia.com/advisories/28317
- http://secunia.com/advisories/28361
- http://secunia.com/advisories/29242
- http://secunia.com/advisories/29313
- http://secunia.com/advisories/29711
- http://secunia.com/advisories/30676
- http://secunia.com/advisories/30802
- http://secunia.com/advisories/30899
- http://secunia.com/advisories/30908
- http://secunia.com/advisories/31493
- http://secunia.com/advisories/32120
- http://secunia.com/advisories/32222
- http://secunia.com/advisories/32266
- http://secunia.com/advisories/37460
- http://secunia.com/advisories/57126
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
- http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
- http://www-1.ibm.com/support/docview.wss?uid=swg21286112
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/bid/26070
- http://www.securityfocus.com/bid/31681
- http://www.securitytracker.com/id?1018864
- http://www.vmware.com/security/advisories/VMSA-2008-0010.html
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2007/3622
- http://www.vupen.com/english/advisories/2007/3671
- http://www.vupen.com/english/advisories/2007/3674
- http://www.vupen.com/english/advisories/2008/1856/references
- http://www.vupen.com/english/advisories/2008/1979/references
- http://www.vupen.com/english/advisories/2008/1981/references
- http://www.vupen.com/english/advisories/2008/2780
- http://www.vupen.com/english/advisories/2008/2823
- http://www.vupen.com/english/advisories/2009/3316
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
- https://www.exploit-db.com/exploits/4530
Frequently Asked Questions
What is the severity of CVE-2007-5461?
CVE-2007-5461 has been rated as a medium severity vulnerability.
How do I fix CVE-2007-5461?
To fix CVE-2007-5461, upgrade Apache Tomcat to version 6.0.15 or later.
Which versions of Apache Tomcat are affected by CVE-2007-5461?
CVE-2007-5461 affects Apache Tomcat versions 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14.
What types of users can exploit CVE-2007-5461?
CVE-2007-5461 can be exploited by remote authenticated users.
What is an absolute path traversal vulnerability in the context of CVE-2007-5461?
An absolute path traversal vulnerability allows an attacker to read arbitrary files from the server by using manipulated input.
- collector/nvd-historical
- collector/nvd-index
- collector/nvd-api
- collector/github-advisory-latest
- alias/GHSA-v5p2-vg3c-pmrr
- alias/CVE-2007-5461
- agent/type
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/github-advisory
- source/GitHub
- agent/references
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/trending
- agent/tags
- agent/source
- vendor/apache
- canonical/apache tomcat
- version/apache tomcat/4.1.2
- version/apache tomcat/4.0.4
- version/apache tomcat/4.1.35
- version/apache tomcat/4.1.36
- version/apache tomcat/4.1.21
- version/apache tomcat/4.1.24
- version/apache tomcat/4.1.25
- version/apache tomcat/4.1.4
- version/apache tomcat/4.1.27
- version/apache tomcat/4.1.30
- version/apache tomcat/4.1.7
- version/apache tomcat/4.1.11
- version/apache tomcat/4.1.18
- version/apache tomcat/4.1.14
- version/apache tomcat/4.1.19
- version/apache tomcat/4.1.31
- version/apache tomcat/4.1.16
- version/apache tomcat/4.1.29
- version/apache tomcat/4.1.22
- version/apache tomcat/4.0.6
- version/apache tomcat/4.1.5
- version/apache tomcat/4.1.26
- version/apache tomcat/4.1.13
- version/apache tomcat/4.1.8
- version/apache tomcat/4.0.3
- version/apache tomcat/4.1.17
- version/apache tomcat/4.0.1
- version/apache tomcat/4.1.33
- version/apache tomcat/4.1.1
- version/apache tomcat/4.1.12
- version/apache tomcat/4.1.28
- version/apache tomcat/4.1.15
- version/apache tomcat/4.1.10
- version/apache tomcat/4.1.0
- version/apache tomcat/4.1.20
- version/apache tomcat/4.0.2
- version/apache tomcat/4.1.3
- version/apache tomcat/4.0.5
- version/apache tomcat/4.1.23
- version/apache tomcat/4.0.0
- version/apache tomcat/4.1.34
- version/apache tomcat/4.1.32
- version/apache tomcat/4.1.6
- version/apache tomcat/4.1.9
- package-manager/maven