Intrusion Prevention

Apache.Tomcat.File.Disclosure

Description

Absolute path traversal vulnerability in Apache Tomcat, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Affected Products

Apache Software Foundation, Tomcat.

Impact

Information disclosure, arbitrary file system access.

Recommended Actions

We are currently not aware of any officially released patch or update.

CVE References

CVE-2007-5461