CVE-2007-5461

Apache Tomcat - WebDAV SSL Remote File Disclosure

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Vulnerabilidad de salto de ruta absoluta en Apache Tomcat 4.0.0 hasta la versión 4.0.6, 4.1.0, 5.0.0, 5.5.0 hasta la versión 5.5.25 y 6.0.0 hasta la versión 6.0.14, bajo determinadas configuraciones, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una petición de escritura WebDAV que especifica una entidad con una etiqueta SYSTEM.

Potential security vulnerabilities have been identified in 3rd party software used in HP XP P9000 Performance Advisor running Oracle and Apache Tomcat Software. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. Revision 1 of this advisory.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-10-15 CVE Reserved
2007-10-15 CVE Published
2007-10-21 First Exploit
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (75)

URL	Tag	Source
http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html	X_refsource_confirm
http://issues.apache.org/jira/browse/GERONIMO-3549	X_refsource_misc
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E	Mailing List
http://secunia.com/advisories/27398	Third Party Advisory
http://secunia.com/advisories/27446	Third Party Advisory
http://secunia.com/advisories/27481	Third Party Advisory
http://secunia.com/advisories/27727	Third Party Advisory
http://secunia.com/advisories/28317	Third Party Advisory
http://secunia.com/advisories/28361	Third Party Advisory
http://secunia.com/advisories/29242	Third Party Advisory
http://secunia.com/advisories/29313	Third Party Advisory
http://secunia.com/advisories/29711	Third Party Advisory
http://secunia.com/advisories/30676	Third Party Advisory
http://secunia.com/advisories/30802	Third Party Advisory
http://secunia.com/advisories/30899	Third Party Advisory
http://secunia.com/advisories/30908	Third Party Advisory
http://secunia.com/advisories/31493	Third Party Advisory
http://secunia.com/advisories/32120	Third Party Advisory
http://secunia.com/advisories/32222	Third Party Advisory
http://secunia.com/advisories/32266	Third Party Advisory
http://secunia.com/advisories/37460	Third Party Advisory
http://secunia.com/advisories/57126	Third Party Advisory
http://support.apple.com/kb/HT2163	X_refsource_confirm
http://support.apple.com/kb/HT3216	X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm	X_refsource_confirm
http://tomcat.apache.org/security-4.html	X_refsource_confirm
http://tomcat.apache.org/security-5.html	X_refsource_confirm
http://tomcat.apache.org/security-6.html	X_refsource_confirm
http://www-1.ibm.com/support/docview.wss?uid=swg21286112	X_refsource_confirm
http://www.securityfocus.com/archive/1/507985/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/26070	Vdb Entry
http://www.securityfocus.com/bid/31681	Vdb Entry
http://www.securitytracker.com/id?1018864	Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2008-0010.html	X_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	X_refsource_confirm
http://www.vupen.com/english/advisories/2007/3622	Vdb Entry
http://www.vupen.com/english/advisories/2007/3671	Vdb Entry
http://www.vupen.com/english/advisories/2007/3674	Vdb Entry
http://www.vupen.com/english/advisories/2008/1856/references	Vdb Entry
http://www.vupen.com/english/advisories/2008/1979/references	Vdb Entry
http://www.vupen.com/english/advisories/2008/1981/references	Vdb Entry
http://www.vupen.com/english/advisories/2008/2780	Vdb Entry
http://www.vupen.com/english/advisories/2008/2823	Vdb Entry
http://www.vupen.com/english/advisories/2009/3316	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/37243	Vdb Entry
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/4552	2007-10-21
https://www.exploit-db.com/exploits/4530	2024-08-07
http://marc.info/?l=full-disclosure&m=119239530508382	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	2023-11-07
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html	2023-11-07
http://marc.info/?l=bugtraq&m=139344343412337&w=2	2023-11-07
http://rhn.redhat.com/errata/RHSA-2008-0630.html	2023-11-07
http://security.gentoo.org/glsa/glsa-200804-10.xml	2023-11-07
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	2023-11-07
http://www.debian.org/security/2008/dsa-1447	2023-11-07
http://www.debian.org/security/2008/dsa-1453	2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136	2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0042.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0195.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0261.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0862.html	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html	2023-11-07
https://access.redhat.com/security/cve/CVE-2007-5461	2010-08-04
https://bugzilla.redhat.com/show_bug.cgi?id=333791	2010-08-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.0.0 Search vendor "Apache" for product "Tomcat" and version "4.0.0"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.0.1 Search vendor "Apache" for product "Tomcat" and version "4.0.1"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.0.2 Search vendor "Apache" for product "Tomcat" and version "4.0.2"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.0.3 Search vendor "Apache" for product "Tomcat" and version "4.0.3"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.0.4 Search vendor "Apache" for product "Tomcat" and version "4.0.4"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.0.5 Search vendor "Apache" for product "Tomcat" and version "4.0.5"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.0.6 Search vendor "Apache" for product "Tomcat" and version "4.0.6"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.0 Search vendor "Apache" for product "Tomcat" and version "4.1.0"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.1 Search vendor "Apache" for product "Tomcat" and version "4.1.1"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.2 Search vendor "Apache" for product "Tomcat" and version "4.1.2"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.3 Search vendor "Apache" for product "Tomcat" and version "4.1.3"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.4 Search vendor "Apache" for product "Tomcat" and version "4.1.4"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.5 Search vendor "Apache" for product "Tomcat" and version "4.1.5"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.6 Search vendor "Apache" for product "Tomcat" and version "4.1.6"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.7 Search vendor "Apache" for product "Tomcat" and version "4.1.7"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.8 Search vendor "Apache" for product "Tomcat" and version "4.1.8"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.9 Search vendor "Apache" for product "Tomcat" and version "4.1.9"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.10 Search vendor "Apache" for product "Tomcat" and version "4.1.10"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.11 Search vendor "Apache" for product "Tomcat" and version "4.1.11"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.12 Search vendor "Apache" for product "Tomcat" and version "4.1.12"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.13 Search vendor "Apache" for product "Tomcat" and version "4.1.13"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.14 Search vendor "Apache" for product "Tomcat" and version "4.1.14"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.15 Search vendor "Apache" for product "Tomcat" and version "4.1.15"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.16 Search vendor "Apache" for product "Tomcat" and version "4.1.16"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.17 Search vendor "Apache" for product "Tomcat" and version "4.1.17"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.18 Search vendor "Apache" for product "Tomcat" and version "4.1.18"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.19 Search vendor "Apache" for product "Tomcat" and version "4.1.19"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.20 Search vendor "Apache" for product "Tomcat" and version "4.1.20"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.21 Search vendor "Apache" for product "Tomcat" and version "4.1.21"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.22 Search vendor "Apache" for product "Tomcat" and version "4.1.22"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.23 Search vendor "Apache" for product "Tomcat" and version "4.1.23"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.24 Search vendor "Apache" for product "Tomcat" and version "4.1.24"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.25 Search vendor "Apache" for product "Tomcat" and version "4.1.25"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.26 Search vendor "Apache" for product "Tomcat" and version "4.1.26"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.27 Search vendor "Apache" for product "Tomcat" and version "4.1.27"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.28 Search vendor "Apache" for product "Tomcat" and version "4.1.28"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.29 Search vendor "Apache" for product "Tomcat" and version "4.1.29"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.30 Search vendor "Apache" for product "Tomcat" and version "4.1.30"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.31 Search vendor "Apache" for product "Tomcat" and version "4.1.31"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.32 Search vendor "Apache" for product "Tomcat" and version "4.1.32"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.33 Search vendor "Apache" for product "Tomcat" and version "4.1.33"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.34 Search vendor "Apache" for product "Tomcat" and version "4.1.34"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.35 Search vendor "Apache" for product "Tomcat" and version "4.1.35"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				4.1.36 Search vendor "Apache" for product "Tomcat" and version "4.1.36"		-		Affected