CVE-2007-5461 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-5461 Interim 1 6 2023-12-09T02:12:38Z current 2021-05-30T12:40:27Z 2023-12-09T02:12:38Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-5461 Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LMTVE4EZQNOFAC75PBBXSBZFINGTVNEL/#LMTVE4EZQNOFAC75PBBXSBZFINGTVNEL E-Mail link for SUSE-SR:2008:005 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N/#BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N E-Mail link for SUSE-SR:2009:004 https://www.suse.com/support/kb/doc/?id=7002362 E-Mail link for TID7002362 https://www.suse.com/support/security/rating/ SUSE Security Ratings Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. CVE-2007-5461 low 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N