Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2007-5461First vendor Publication2007-10-15
VendorCveLast vendor Modification2019-03-25

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Cvss Base Score3.5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score6.8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461

CWE : Common Weakness Enumeration

%idName
100 %CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9202
 
Oval ID: oval:org.mitre.oval:def:9202
Title: Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Description: Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5461
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7989
 
Oval ID: oval:org.mitre.oval:def:7989
Title: DSA-1447 tomcat5.5 -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It was discovered that the character sequence \' in cookies was handled incorrectly, which could lead to an information leak. It was discovered that the host manager servlet performed insufficient input validation, which could lead to a cross-site scripting attack. It was discovered that the JULI logging component did not restrict its target path, resulting in potential denial of service through file overwrites. It was discovered that the WebDAV servlet is vulnerable to absolute path traversal. The old stable distribution (sarge) doesn't contain tomcat5.5. For the stable distribution (etch), these problems have been fixed in version 5.5.20-2etch1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your tomcat5.5 packages.
Family: unix Class: patch
Reference(s): DSA-1447
CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
CVE-2007-5342
CVE-2007-5461
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): tomcat5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7988
 
Oval ID: oval:org.mitre.oval:def:7988
Title: DSA-1453 tomcat5 -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It was discovered that the character sequence \' in cookies was handled incorrectly, which could lead to an information leak. It was discovered that the WebDAV servlet is vulnerable to absolute path traversal. The old stable distribution (sarge) doesn't contain tomcat5. For the stable distribution (etch), these problems have been fixed in version 5.0.30-12etch1. The unstable distribution (sid) no longer contains tomcat5. We recommend that you upgrade your tomcat5 packages.
Family: unix Class: patch
Reference(s): DSA-1453
CVE-2007-3382
CVE-2007-3385
CVE-2007-5461
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18716
 
Oval ID: oval:org.mitre.oval:def:18716
Title: DSA-1447-1 tomcat5.5 several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
Family: unix Class: patch
Reference(s): DSA-1447-1
CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
CVE-2007-5342
CVE-2007-5461
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): tomcat5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18430
 
Oval ID: oval:org.mitre.oval:def:18430
Title: DSA-1453-1 tomcat5 - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
Family: unix Class: patch
Reference(s): DSA-1453-1
CVE-2007-3382
CVE-2007-3385
CVE-2007-5461
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): tomcat5
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application44

OpenVAS Exploits

DateDescription
2010-05-12Name : Mac OS X Security Update 2008-007
File : nvt/macosx_secupd_2008-007.nasl
2010-05-12Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl
2009-11-11Name : RedHat Security Advisory RHSA-2009:1563
File : nvt/RHSA_2009_1563.nasl
2009-10-13Name : SLES10: Security update for Websphere Community Edition
File : nvt/sles10_websphere-as_ce0.nasl
2009-06-30Name : Mandrake Security Advisory MDVSA-2009:136 (tomcat5)
File : nvt/mdksa_2009_136.nasl
2009-04-09Name : Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)
File : nvt/gb_mandriva_MDKSA_2007_241.nasl
2009-03-06Name : RedHat Update for tomcat RHSA-2008:0042-01
File : nvt/gb_RHSA-2008_0042-01_tomcat.nasl
2009-02-27Name : Fedora Update for tomcat5 FEDORA-2007-3456
File : nvt/gb_fedora_2007_3456_tomcat5_fc7.nasl
2009-02-27Name : Fedora Update for tomcat5 FEDORA-2007-3474
File : nvt/gb_fedora_2007_3474_tomcat5_fc8.nasl
2009-02-18Name : SuSE Security Summary SUSE-SR:2009:004
File : nvt/suse_sr_2009_004.nasl
2009-02-17Name : Fedora Update for tomcat5 FEDORA-2008-8130
File : nvt/gb_fedora_2008_8130_tomcat5_fc8.nasl
2009-02-16Name : Fedora Update for tomcat5 FEDORA-2008-1467
File : nvt/gb_fedora_2008_1467_tomcat5_fc7.nasl
2009-02-16Name : Fedora Update for tomcat5 FEDORA-2008-1603
File : nvt/gb_fedora_2008_1603_tomcat5_fc8.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200804-10 (tomcat)
File : nvt/glsa_200804_10.nasl
2008-01-17Name : Debian Security Advisory DSA 1447-1 (tomcat5.5)
File : nvt/deb_1447_1.nasl
2008-01-17Name : Debian Security Advisory DSA 1453-1 (tomcat5)
File : nvt/deb_1453_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
38187Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access

Snort® IPS/IDS

DateDescription
2014-01-10Apache Tomcat WebDAV system tag remote file disclosure attempt
RuleID : 12711 - Revision : 6 - Type : SERVER-APACHE

Nessus® Vulnerability Scanner

DateDescription
2016-03-03Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0042.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0151.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0213.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080311_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_5_5_26.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_16.nasl - Type : ACT_GATHER_INFO
2010-06-16Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_4_1_37.nasl - Type : ACT_GATHER_INFO
2010-01-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0630.nasl - Type : ACT_GATHER_INFO
2010-01-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO
2010-01-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0042.nasl - Type : ACT_GATHER_INFO
2009-11-23Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_websphere-as_ce-5850.nasl - Type : ACT_GATHER_INFO
2009-07-27Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2008-0010.nasl - Type : ACT_GATHER_INFO
2009-06-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-136.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-241.nasl - Type : ACT_GATHER_INFO
2008-10-10Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO
2008-09-17Name : The remote Fedora host is missing a security update.
File : fedora_2008-8130.nasl - Type : ACT_GATHER_INFO
2008-07-01Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO
2008-07-01Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO
2008-04-17Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-10.nasl - Type : ACT_GATHER_INFO
2008-03-13Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0042.nasl - Type : ACT_GATHER_INFO
2008-02-14Name : The remote Fedora host is missing a security update.
File : fedora_2008-1467.nasl - Type : ACT_GATHER_INFO
2008-02-14Name : The remote Fedora host is missing a security update.
File : fedora_2008-1603.nasl - Type : ACT_GATHER_INFO
2008-01-08Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1453.nasl - Type : ACT_GATHER_INFO
2008-01-07Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1447.nasl - Type : ACT_GATHER_INFO
2007-11-20Name : The remote Fedora host is missing a security update.
File : fedora_2007-3456.nasl - Type : ACT_GATHER_INFO
2007-11-20Name : The remote Fedora host is missing a security update.
File : fedora_2007-3474.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
APPLE http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
BID http://www.securityfocus.com/bid/26070
http://www.securityfocus.com/bid/31681
BUGTRAQ http://www.securityfocus.com/archive/1/507985/100/0/threaded
CONFIRM http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomca...
http://support.apple.com/kb/HT2163
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www-1.ibm.com/support/docview.wss?uid=swg21286112
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
DEBIAN http://www.debian.org/security/2008/dsa-1447
http://www.debian.org/security/2008/dsa-1453
EXPLOIT-DB https://www.exploit-db.com/exploits/4530
FEDORA https://www.redhat.com/archives/fedora-package-announce/2007-November/msg0052...
FULLDISC http://marc.info/?l=full-disclosure&m=119239530508382
GENTOO http://security.gentoo.org/glsa/glsa-200804-10.xml
HP http://marc.info/?l=bugtraq&m=139344343412337&w=2
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:241
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
MISC http://issues.apache.org/jira/browse/GERONIMO-3549
MLIST http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D...
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efb...
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff...
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c8...
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957...
REDHAT http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://www.redhat.com/support/errata/RHSA-2008-0042.html
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
SECTRACK http://www.securitytracker.com/id?1018864
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
VUPEN http://www.vupen.com/english/advisories/2007/3622
http://www.vupen.com/english/advisories/2007/3671
http://www.vupen.com/english/advisories/2007/3674
http://www.vupen.com/english/advisories/2008/1856/references
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2008/1981/references
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2009/3316
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/37243

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
DateInformations
2019-03-25 17:18:56
  • Multiple Updates
2019-03-21 21:19:08
  • Multiple Updates
2018-10-16 00:19:18
  • Multiple Updates
2017-09-29 09:23:15
  • Multiple Updates
2017-07-29 12:02:36
  • Multiple Updates
2016-10-25 00:23:59
  • Multiple Updates
2016-04-26 16:42:38
  • Multiple Updates
2016-03-04 13:26:24
  • Multiple Updates
2014-03-18 13:21:47
  • Multiple Updates
2014-03-08 13:21:24
  • Multiple Updates
2014-02-17 10:42:09
  • Multiple Updates
2014-01-19 21:24:32
  • Multiple Updates
2013-05-11 10:39:20
  • Multiple Updates