GHSA-v5p2-vg3c-pmrr

Source

https://github.com/advisories/GHSA-v5p2-vg3c-pmrr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v5p2-vg3c-pmrr/GHSA-v5p2-vg3c-pmrr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v5p2-vg3c-pmrr

Aliases

CVE-2007-5461

Published

2022-05-01T18:33:34Z

Modified

2024-01-08T22:09:35Z

Summary

Apache Tomcat Path Traversal Vulnerability

Details

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Database specific

{
    "nvd_published_at": "2007-10-15T18:17:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-22T21:08:02Z"
}

References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Last affected

4.0.6

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Affected versions

4.*

4.1.0

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Affected versions

5.*

5.0.0

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.5.0

Last affected

5.5.25

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Last affected

6.0.14