CVE-2007-5461
CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Productos afectados
n/a · n/aPoCs públicas encontradas — 2
exploitdbwww.exploit-db.com/exploits/4552no verificadocve_referencewww.exploit-db.com/exploits/4530no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.htmlhttp://issues.apache.org/jira/browse/GERONIMO-3549http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3Ehttp://marc.info/?l=bugtraq&m=139344343412337&w=2http://marc.info/?l=full-disclosure&m=119239530508382http://rhn.redhat.com/errata/RHSA-2008-0630.htmlhttp://secunia.com/advisories/27398http://secunia.com/advisories/27446