mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 03:02:30 +00:00
974 B
974 B
CVE-2007-5461
Description
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
POC
Reference
- http://www.redhat.com/support/errata/RHSA-2008-0862.html
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
- https://www.exploit-db.com/exploits/4530
Github
No PoCs found on GitHub currently.