tomcat: arbitrary file disclosure via path traversal
| Package(s): | tomcat5 |
CVE #(s): | CVE-2007-5461
|
| Created: | November 19, 2007 |
Updated: | February 17, 2009 |
| Description: |
From the CVE entry:
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
| Alerts: |
| SuSE |
SUSE-SR:2009:004 |
apache, audacity, dovecot, libtiff-devel, libvirt, mediawiki, netatalk, novell-ipsec-tools,opensc, perl, phpPgAdmin, sbl, sblim-sfcb, squirrelmail, swfdec, tomcat5, virtualbox, websphere-as_ce, wine, xine-devel |
2009-02-17 |
| Red Hat |
RHSA-2008:0862-02 |
tomcat |
2008-10-02 |
| Fedora |
FEDORA-2008-8130 |
tomcat5 |
2008-09-16 |
| Red Hat |
RHSA-2008:0195-01 |
tomcat |
2008-04-28 |
| Gentoo |
200804-10 |
tomcat |
2008-04-10 |
| Red Hat |
RHSA-2008:0042-01 |
tomcat |
2008-03-11 |
| SuSE |
SUSE-SR:2008:005 |
acroread, asterisk, cacti, compat-openssl097g, icu, libcdio, wireshark/ethereal, Jakarta, perl-tk |
2008-03-06 |
| Fedora |
FEDORA-2008-1603 |
tomcat5 |
2008-02-13 |
| Fedora |
FEDORA-2008-1467 |
tomcat5 |
2008-02-13 |
| Debian |
DSA-1447-1 |
tomcat5.5 |
2008-01-03 |
| Mandriva |
MDKSA-2007:241 |
tomcat5 |
2007-12-10 |
| Fedora |
FEDORA-2007-3456 |
tomcat5 |
2007-11-17 |
| Fedora |
FEDORA-2007-3474 |
tomcat5 |
2007-11-17 |
|
