DescriptionAbsolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Overall state of this security issue: Resolved
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2008:005, published Thu, 06 Mar 2008 13:00:00 +0000
- SUSE-SR:2009:004, published Tue, 17 Feb 2009 10:00:00 +0000
- TID7002362, published Sun May 20 06:49:56 CEST 2018
SUSE Timeline for this CVECVE page created: Tue Jul 9 16:21:04 2013
CVE page last modified: Sat Dec 10 11:35:52 2022