Vulnerability CVE-2007-5461 - CERT Civis.Net

Vulnerability Name:

CVE-2007-5461 (CCN-37243)

Assigned:

2007-10-14

Published:

2007-10-14

Updated:

2019-03-25

Summary:

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

CVSS v3 Severity:

2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: Full-Disclosure Mailing List, Sun Oct 14 2007 - 15:47:34 CDT
Apache Tomcat Rem0Te FiLe DiscloSure ZeroDay (W3bd4v)

Source: MITRE
Type: CNA
CVE-2007-5461

Source: MITRE
Type: CNA
CVE-2007-5731

Source: CCN
Type: Apache Geronimo Web site
Potential vulnerability in Apache Tomcat Webdav servlet

Source: CONFIRM
Type: UNKNOWN
http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html

Source: MISC
Type: UNKNOWN
http://issues.apache.org/jira/browse/GERONIMO-3549

Source: CCN
Type: Jakarta Slide Web page
Jakarta Slide

Source: CCN
Type: Jakarta Slide Web site
The Jakarta Slide project

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-06-30

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-10-09

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:005

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:004

Source: MLIST
Type: UNKNOWN
[tomcat-users] 20071015 [Security] - Important vulnerability disclosed in Apache Tomcat webdav servlet

Source: HP
Type: UNKNOWN
HPSBST02955

Source: FULLDISC
Type: Exploit
20071014 Apache Tomcat Rem0Te FiLe DiscloSure ZeroDay

Source: CCN
Type: RHSA-2008-0042
Moderate: tomcat security update

Source: CCN
Type: RHSA-2008-0151
Moderate: JBoss Enterprise Application Platform 4.2.0CP02 security update

Source: CCN
Type: RHSA-2008-0158
Moderate: JBoss Enterprise Application Platform security update

Source: CCN
Type: RHSA-2008-0195
Moderate: tomcat security update

Source: CCN
Type: RHSA-2008-0213
Moderate: JBoss Enterprise Application Platform 4.2.0CP02 security update

Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2008-0630
Low: Red Hat Network Satellite Server security update

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0630

Source: CCN
Type: RHSA-2008-0862
Important: tomcat security update

Source: CCN
Type: RHSA-2010-0602
Moderate: Red Hat Certificate System 7.3 security update

Source: CCN
Type: SA27398
Apache Tomcat WebDAV Arbitrary File Content Disclosure

Source: SECUNIA
Type: UNKNOWN
27398

Source: CCN
Type: SA27446
WebSphere Application Server Community Edition WebDAV Content Disclosure

Source: SECUNIA
Type: UNKNOWN
27446

Source: CCN
Type: SA27467
Apache Jakarta Slide WebDAV Arbitrary File Content Disclosure

Source: CCN
Type: SA27481
Apache Geronimo WebDAV Arbitrary File Content Disclosure

Source: SECUNIA
Type: UNKNOWN
27481

Source: SECUNIA
Type: UNKNOWN
27727

Source: SECUNIA
Type: UNKNOWN
28317

Source: SECUNIA
Type: UNKNOWN
28361

Source: SECUNIA
Type: UNKNOWN
29242

Source: SECUNIA
Type: UNKNOWN
29313

Source: SECUNIA
Type: UNKNOWN
29711

Source: CCN
Type: SA30676
VMware ESX Server update for Tomcat and Java JRE

Source: SECUNIA
Type: UNKNOWN
30676

Source: CCN
Type: SA30802
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30802

Source: CCN
Type: SA30899
Sun Solaris 9 Tomcat Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30899

Source: CCN
Type: SA30908
Sun Solaris 10 Tomcat Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30908

Source: SECUNIA
Type: UNKNOWN
31493

Source: SECUNIA
Type: UNKNOWN
32120

Source: CCN
Type: SA32222
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32222

Source: CCN
Type: SA32266
Avaya AES / MX Apache Tomcat Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32266

Source: CCN
Type: SA37460
VMware Products Update for Multiple Packages

Source: SECUNIA
Type: UNKNOWN
37460

Source: SECUNIA
Type: UNKNOWN
57126

Source: GENTOO
Type: UNKNOWN
GLSA-200804-10

Source: CCN
Type: SECTRACK ID: 1018864
Tomcat WebDAV Servlet Lets Remote Users View Arbitrary Files

Source: SUNALERT
Type: UNKNOWN
239312

Source: CCN
Type: Sun Alert ID: 239312
Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT2163

Source: CCN
Type: Apple Web site
About Security Update 2008-007

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3216

Source: CCN
Type: ASA-2008-190
tomcat security update (RHSA-2008-0195)

Source: CCN
Type: ASA-2008-293
Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10 (Sun 239312)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

Source: CCN
Type: ASA-2008-401
tomcat security update (RHSA-2008-0862)

Source: CCN
Type: Apache Tomcat Web site
Apache Tomcat

Source: CONFIRM
Type: UNKNOWN
http://tomcat.apache.org/security-4.html

Source: CONFIRM
Type: UNKNOWN
http://tomcat.apache.org/security-5.html

Source: CONFIRM
Type: UNKNOWN
http://tomcat.apache.org/security-6.html

Source: CCN
Type: Apache Tomcat SVN Repository
Apache Tomcat

Source: CCN
Type: IBM Security Bulletin 1286112
Tomcat Webdav servlet security vulnerability in WebSphere Application Server Community Edition

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?uid=swg21286112

Source: DEBIAN
Type: UNKNOWN
DSA-1447

Source: DEBIAN
Type: UNKNOWN
DSA-1453

Source: DEBIAN
Type: DSA-1447
tomcat5.5 -- several vulnerabilities

Source: DEBIAN
Type: DSA-1453
tomcat5 -- several vulnerabilities

Source: CCN
Type: GLSA-200804-10
Tomcat: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:241

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:136

Source: CCN
Type: OSVDB ID: 38673
Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0042

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0195

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0261

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0862

Source: BUGTRAQ
Type: UNKNOWN
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Source: BID
Type: UNKNOWN
26070

Source: CCN
Type: BID-26070
Apache Tomcat WebDav Remote Information Disclosure Vulnerability

Source: BID
Type: UNKNOWN
31681

Source: CCN
Type: BID-31681
RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1018864

Source: CCN
Type: VMSA-2008-0010
Updated Tomcat and Java JRE packages for VMware ESX 3.5

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0010.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Source: VUPEN
Type: UNKNOWN
ADV-2007-3622

Source: VUPEN
Type: UNKNOWN
ADV-2007-3671

Source: VUPEN
Type: UNKNOWN
ADV-2007-3674

Source: VUPEN
Type: UNKNOWN
ADV-2008-1856

Source: VUPEN
Type: UNKNOWN
ADV-2008-1979

Source: VUPEN
Type: UNKNOWN
ADV-2008-1981

Source: VUPEN
Type: UNKNOWN
ADV-2008-2780

Source: VUPEN
Type: UNKNOWN
ADV-2008-2823

Source: VUPEN
Type: UNKNOWN
ADV-2009-3316

Source: XF
Type: UNKNOWN
apache-tomcat-webdav-dir-traversal(37243)

Source: XF
Type: UNKNOWN
apache-tomcat-webdav-dir-traversal(37243)

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9202

Source: EXPLOIT-DB
Type: UNKNOWN
4530

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-3456

Source: SUSE
Type: SUSE-SR:2008:005
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2009:004
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:tomcat:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.36:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:tomcat:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.24:*:*:*:*:*:*:*

OR cpe:/a:apache:geronimo:1.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.20:*:*:*:*:*:*:*

OR cpe:/a:apache:geronimo:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.17:*:*:*:*:*:*:*

OR cpe:/a:apache:geronimo:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:jakarta_slide:2.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.9:*:*:*:*:*:*:*

OR cpe:/a:redhat:certificate_system:7.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.37:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*

OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/a:redhat:rhel_developer_suite:3:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_application_server:2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

OR cpe:/a:redhat:rhel_application_stack:2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20075461	V	CVE-2007-5461	2015-11-16
oval:org.mitre.oval:def:18716	P	DSA-1447-1 tomcat5.5 several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:7989	P	DSA-1447 tomcat5.5 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:18430	P	DSA-1453-1 tomcat5 - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:7988	P	DSA-1453 tomcat5 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:21709	P	ELSA-2008:0042: tomcat security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:9202	V	Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.	2013-04-29
oval:com.redhat.rhsa:def:20080042	P	RHSA-2008:0042: tomcat security update (Moderate)	2008-03-11
oval:org.debian:def:1453	V	several vulnerabilities	2008-01-07
oval:org.debian:def:1447	V	several vulnerabilities	2008-01-03