Skip to content

Apache Tomcat Path Traversal Vulnerability

Low severity GitHub Reviewed Published May 1, 2022 to the GitHub Advisory Database • Updated Jan 8, 2024

Package

maven org.apache.tomcat:tomcat (Maven)

Affected versions

>= 4.0.0, <= 4.0.6
= 4.1.0
= 5.0.0
>= 5.5.0, <= 5.5.25
>= 6.0.0, <= 6.0.14

Patched versions

None

Description

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

References

Published by the National Vulnerability Database Oct 15, 2007
Published to the GitHub Advisory Database May 1, 2022
Reviewed Sep 22, 2023
Last updated Jan 8, 2024

Severity

Low

EPSS score

6.264%
(94th percentile)

Weaknesses

CVE ID

CVE-2007-5461

GHSA ID

GHSA-v5p2-vg3c-pmrr

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.