Bug 333791 (CVE-2007-5461)
Summary: | CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marc Schoenefeld <mschoene> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | dbhole, fnasser, jclere, kreilly, patrickm |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0371.html | ||
Fixed In Version: | 5.5.25-1jpp.1.fc8 | Doc Type: | Bug Fix |
Last Closed: | 2013-04-05 00:42:48 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 334511, 334521, 334531, 334541, 334551, 334561, 334571, 334591, 363001, 428666, 430730, 430731, 440521, 445320, 449337, 470236, 470237 | ||
Bug Blocks: | 444136 |
Description
Marc Schoenefeld
2007-10-16 09:46:39 UTC
A working patch is available: http://people.apache.org/~markt/patches/2007-10-20-webdav.patch

tomcat5-5.5.25-1jpp.1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:

- Red Hat Certificate System 7.3

Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html

This has been addressed in the following Red Hat products:

- JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS: RHSA-2008:0151
- JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server: RHSA-2008:0213
- Red Hat Application Server v2 4AS: RHSA-2008:0862
- Red Hat Application Stack v1 for Enterprise Linux AS (v.4): RHSA-2008:0158
- Red Hat Application Stack v2 for Enterprise Linux (v.5): RHSA-2008:0158
- Red Hat Certificate System 7.3 for 4AS: RHSA-2010:0602
- Red Hat Developer Suite v.3 (AS v.4): RHSA-2008:0195
- Red Hat Enterprise Linux version 5: RHSA-2008:0042
- Red Hat Network Satellite Server 5.0 (RHEL v.4 AS): RHSA-2008:0261
- Red Hat Network Satellite Server 5.1 (RHEL v.4 AS): RHSA-2008:0630
- Red Hat Network Satellite Server v 4.2 (RHEL v.3 AS): RHSA-2008:0524
- Red Hat Network Satellite Server v 4.2 (RHEL v.4 AS): RHSA-2008:0524