漏洞信息(CVE-2007-5461)

一、漏洞 CVE-2007-5461 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

在Apache Tomcat 4.0.0 through 4.0.6、4.1.0、5.0.0、5.5.0 through 5.5.25和6.0.0 through 6.0.14等特定配置下， absolute path traversal 漏洞允许远程授权用户通过一个 WebDAV 写入请求，指定一个带有 SYSTEM 标签的实体来读取任意文件。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Apache Tomcat WebDav远程信息泄露漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。如果将Apache Tomcat的WebDAV servlet配置为同上下文使用且允许写访问的话，则远程攻击者可以通过提交指定了SYSTEM标签的WebDAV请求导致泄露任意文件的内容。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

路径遍历

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2007-5461 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2007-5461 的情报信息

http://tomcat.apache.org/security-4.html x_refsource_CONFIRM
http://support.apple.com/kb/HT3216 x_refsource_CONFIRM
http://tomcat.apache.org/security-5.html x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0010.html x_refsource_CONFIRM
http://www-1.ibm.com/support/docview.wss?uid=swg21286112 x_refsource_CONFIRM
http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2009-0016.html x_refsource_CONFIRM
http://issues.apache.org/jira/browse/GERONIMO-3549 x_refsource_MISC
http://support.apple.com/kb/HT2163 x_refsource_CONFIRM
https://www.exploit-db.com/exploits/4530 exploit x_refsource_EXPLOIT-DB
http://secunia.com/advisories/30676 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/30802 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32222 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/57126 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/27446 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/26070 vdb-entry x_refsource_BID
http://secunia.com/advisories/32266 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29711 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28317 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28361 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/27727 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/27398 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/31681 vdb-entry x_refsource_BID
http://secunia.com/advisories/27481 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/30899 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/31493 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29242 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/37460 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/30908 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29313 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32120 third-party-advisory x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 vendor-advisory x_refsource_SUNALERT
http://www.securitytracker.com/id?1018864 vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2008/dsa-1453 vendor-advisory x_refsource_DEBIAN
http://www.debian.org/security/2008/dsa-1447 vendor-advisory x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=139344343412337&w=2 vendor-advisory x_refsource_HP
http://www.vupen.com/english/advisories/2008/2780 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1856/references vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/3622 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/3316 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1981/references vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/3674 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/3671 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1979/references vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2823 vdb-entry x_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-200804-10.xml vendor-advisory x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2008-0630.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0862.html vendor-advisory x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136 vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2008-0261.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0042.html vendor-advisory x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2007:241 vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2008-0195.html vendor-advisory x_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html vendor-advisory x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html vendor-advisory x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html vendor-advisory x_refsource_APPLE
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html vendor-advisory x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202 vdb-entry signature x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/37243 vdb-entry x_refsource_XF
http://marc.info/?l=full-disclosure&m=119239530508382 mailing-list x_refsource_FULLDISC
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705%40apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
http://www.securityfocus.com/archive/1/507985/100/0/threaded mailing-list x_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2007-5461

一、 漏洞 CVE-2007-5461 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2007-5461 的公开POC

三、漏洞 CVE-2007-5461 的情报信息

一、漏洞 CVE-2007-5461 基础信息