CVE-2007-5461 – org.apache.tomcat:tomcat
Package
Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=4.0.0 <=4.0.6 || =4.1.0 || =5.0.0 || >=5.5.0 <=5.5.25 || >=6.0.0 <=6.0.14
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.07173 (percentile 0.91214)
Details
Apache Tomcat Path Traversal Vulnerability

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Metadata
Created: 2022-05-01T18:33:34Z
Modified: 2024-01-08T22:09:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v5p2-vg3c-pmrr/GHSA-v5p2-vg3c-pmrr.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-v5p2-vg3c-pmrr
Finding: F063
Auto approve: 1