Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:01
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2007-10-15 18:17
Updated : 2024-02-28 11:01
NVD link : CVE-2007-5461
Mitre link : CVE-2007-5461
CVE.ORG link : CVE-2007-5461
JSON object : View
Products Affected
apache
- tomcat
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')