CVE-2007-5461
Apache Tomcat - WebDAV SSL Remote File Disclosure
Severity Score
3.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Vulnerabilidad de salto de ruta absoluta en Apache Tomcat 4.0.0 hasta la versión 4.0.6, 4.1.0, 5.0.0, 5.5.0 hasta la versión 5.5.25 y 6.0.0 hasta la versión 6.0.14, bajo determinadas configuraciones, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una petición de escritura WebDAV que especifica una entidad con una etiqueta SYSTEM.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-10-15 CVE Reserved
- 2007-10-15 CVE Published
- 2007-10-21 First Exploit
- 2024-08-07 CVE Updated
- 2024-08-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (75)
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/4552 | 2007-10-21 | |
| https://www.exploit-db.com/exploits/4530 | 2024-08-07 | |
| http://marc.info/?l=full-disclosure&m=119239530508382 | 2024-08-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.0.0 Search vendor "Apache" for product "Tomcat" and version "4.0.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.0.1 Search vendor "Apache" for product "Tomcat" and version "4.0.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.0.2 Search vendor "Apache" for product "Tomcat" and version "4.0.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.0.3 Search vendor "Apache" for product "Tomcat" and version "4.0.3" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.0.4 Search vendor "Apache" for product "Tomcat" and version "4.0.4" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.0.5 Search vendor "Apache" for product "Tomcat" and version "4.0.5" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.0.6 Search vendor "Apache" for product "Tomcat" and version "4.0.6" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.0 Search vendor "Apache" for product "Tomcat" and version "4.1.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.1 Search vendor "Apache" for product "Tomcat" and version "4.1.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.2 Search vendor "Apache" for product "Tomcat" and version "4.1.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.3 Search vendor "Apache" for product "Tomcat" and version "4.1.3" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.4 Search vendor "Apache" for product "Tomcat" and version "4.1.4" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.5 Search vendor "Apache" for product "Tomcat" and version "4.1.5" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.6 Search vendor "Apache" for product "Tomcat" and version "4.1.6" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.7 Search vendor "Apache" for product "Tomcat" and version "4.1.7" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.8 Search vendor "Apache" for product "Tomcat" and version "4.1.8" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.9 Search vendor "Apache" for product "Tomcat" and version "4.1.9" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.10 Search vendor "Apache" for product "Tomcat" and version "4.1.10" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.11 Search vendor "Apache" for product "Tomcat" and version "4.1.11" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.12 Search vendor "Apache" for product "Tomcat" and version "4.1.12" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.13 Search vendor "Apache" for product "Tomcat" and version "4.1.13" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.14 Search vendor "Apache" for product "Tomcat" and version "4.1.14" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.15 Search vendor "Apache" for product "Tomcat" and version "4.1.15" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.16 Search vendor "Apache" for product "Tomcat" and version "4.1.16" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.17 Search vendor "Apache" for product "Tomcat" and version "4.1.17" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.18 Search vendor "Apache" for product "Tomcat" and version "4.1.18" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.19 Search vendor "Apache" for product "Tomcat" and version "4.1.19" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.20 Search vendor "Apache" for product "Tomcat" and version "4.1.20" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.21 Search vendor "Apache" for product "Tomcat" and version "4.1.21" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.22 Search vendor "Apache" for product "Tomcat" and version "4.1.22" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.23 Search vendor "Apache" for product "Tomcat" and version "4.1.23" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.24 Search vendor "Apache" for product "Tomcat" and version "4.1.24" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.25 Search vendor "Apache" for product "Tomcat" and version "4.1.25" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.26 Search vendor "Apache" for product "Tomcat" and version "4.1.26" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.27 Search vendor "Apache" for product "Tomcat" and version "4.1.27" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.28 Search vendor "Apache" for product "Tomcat" and version "4.1.28" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.29 Search vendor "Apache" for product "Tomcat" and version "4.1.29" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.30 Search vendor "Apache" for product "Tomcat" and version "4.1.30" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.31 Search vendor "Apache" for product "Tomcat" and version "4.1.31" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.32 Search vendor "Apache" for product "Tomcat" and version "4.1.32" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.33 Search vendor "Apache" for product "Tomcat" and version "4.1.33" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.34 Search vendor "Apache" for product "Tomcat" and version "4.1.34" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.35 Search vendor "Apache" for product "Tomcat" and version "4.1.35" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 4.1.36 Search vendor "Apache" for product "Tomcat" and version "4.1.36" | - |
Affected
| ||||||