CVE-2007-5461
CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 2
exploitdbwww.exploit-db.com/exploits/4552não verificadocve_referencewww.exploit-db.com/exploits/4530não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.htmlhttp://issues.apache.org/jira/browse/GERONIMO-3549http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3Ehttp://marc.info/?l=bugtraq&m=139344343412337&w=2http://marc.info/?l=full-disclosure&m=119239530508382http://rhn.redhat.com/errata/RHSA-2008-0630.htmlhttp://secunia.com/advisories/27398http://secunia.com/advisories/27446