Low severity · NVD Advisory · Published Oct 15, 2007 · Updated Apr 23, 2026
CVE-2007-5461
Description
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
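The root cause is that the WebDAV servlet handed the request body to a default JAXP parser, which honours a DOCTYPE with a SYSTEM entity and can pull local file content into the document. As an added illustration (not code from this page or from Tomcat), the following hardened parser configuration refuses such a body up front; it goes beyond the single flag the patch on this page sets by also disallowing DOCTYPE declarations and external entities. The class name, the two constructed request bodies and the placeholder path are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class WebdavXmlHardening {
    // Constructed sample bodies: an ordinary LOCK request, and one that declares a
    // SYSTEM entity as CVE-2007-5461 describes (placeholder path, never resolved).
    static final String BENIGN_LOCK =
        "<?xml version=\"1.0\"?><D:lockinfo xmlns:D=\"DAV:\">"
      + "<D:owner>alice</D:owner></D:lockinfo>";
    static final String LOCK_WITH_SYSTEM_ENTITY =
        "<?xml version=\"1.0\"?>"
      + "<!DOCTYPE D:lockinfo [ <!ENTITY ext SYSTEM \"file:///PLACEHOLDER\"> ]>"
      + "<D:lockinfo xmlns:D=\"DAV:\"><D:owner>&ext;</D:owner></D:lockinfo>";

    /** Hardened JAXP configuration for parsing untrusted WebDAV request bodies. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setExpandEntityReferences(false); // the one setting the Tomcat patch adds
        // Beyond that flag: refuse DTDs and external entities outright, so the outcome
        // does not depend on how a particular parser treats entity-reference nodes.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        return f.newDocumentBuilder();
    }

    /** Parses a request body; returns the root element name, or null if rejected. */
    static String parseBody(String body) throws ParserConfigurationException {
        try {
            byte[] bytes = body.getBytes(StandardCharsets.UTF_8);
            return hardenedBuilder().parse(new InputSource(new ByteArrayInputStream(bytes)))
                                    .getDocumentElement().getTagName();
        } catch (SAXException | IOException e) {
            return null; // disallow-doctype-decl makes the parser fail on the DOCTYPE itself
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("benign body -> " + parseBody(BENIGN_LOCK));
        System.out.println("entity body -> " + parseBody(LOCK_WITH_SYSTEM_ENTITY));
    }
}
```

The benign body parses to its root element, while the body carrying the SYSTEM entity is rejected before any entity declaration is processed, which is the behaviour to verify when reviewing any servlet that parses client-supplied XML.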
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.apache.tomcat:tomcat | Maven | >= 4.0.0, <= 4.0.6 | — |
| org.apache.tomcat:tomcat | Maven | >= 5.5.0, <= 5.5.25 | — |
| org.apache.tomcat:tomcat | Maven | >= 6.0.0, <= 6.0.14 | — |
Patches
3 files changed · +5 −5
java/org/apache/catalina/servlets/WebdavServlet.java+1 −0 modified@@ -243,6 +243,7 @@ protected DocumentBuilder getDocumentBuilder() try { documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); + documentBuilderFactory.setExpandEntityReferences(false); documentBuilder = documentBuilderFactory.newDocumentBuilder(); } catch(ParserConfigurationException e) { throw new ServletException
STATUS+0 −5 modified@@ -42,11 +42,6 @@ PATCHES PROPOSED TO BACKPORT: +1: fhanik,funkman -1: -* Fix important vulnerability when webdav is enabled for write - Patch: http://marc.info/?l=tomcat-dev&m=119245116910632&w=2 - +1: markt, funkman, remm, fhanik - -1: - * Fix for JDT update: update jdt.jar in build.properties.default to: jdt.jar=${jdt.lib}/org.eclipse.jdt.core_3.3.1.v_780_R33x.jar +1: remm, fhanik,funkman, pero
webapps/docs/changelog.xml+4 −0 modified@@ -158,6 +158,10 @@ <fix> Fix WebDAV Servlet so it works correctly with MS clients. (markt) </fix> + <fix> + Fix CVE-2007-5461, an important information disclosure vulnerability in + the WebDAV Servlet. (markt) + </fix> <fix> <bug>42979</bug>: Update sample.war to include recent security fixes in the source code. (markt)
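Review bot: In the WebdavServlet.java hunk, `documentBuilderFactory.setExpandEntityReferences(false);` is the only change to the parser configuration, and that JAXP setting controls whether entity references are expanded into the DOM rather than whether the parser processes entity declarations at all, so the protection depends on how the underlying parser implements the flag. Suggest refusing DOCTYPE declarations outright (for Xerces-based parsers, the `http://apache.org/xml/features/disallow-doctype-decl` feature), or at least disabling external general and parameter entities and installing an EntityResolver that returns an empty InputSource, and adding a comment stating why the line is there so a later refactor does not drop a one-line setting that carries no rationale.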
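Review bot: The new `<fix>` entry in the changelog.xml hunk describes CVE-2007-5461 only as "an important information disclosure vulnerability in the WebDAV Servlet" and leaves out the condition administrators need to judge exposure, namely that the servlet must be configured for write access (the STATUS entry removed in this same patch calls it "when webdav is enabled for write"), as well as what actually changed (entity expansion is now disabled when parsing request bodies). Suggest stating both in the entry so operators can tell whether their deployment was affected and why DTD-bearing request bodies are now handled differently.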
901292cf9d7d Fix CVE-2007-5461.
3 files changed · +5 −5
java/org/apache/catalina/servlets/WebdavServlet.java+1 −0 modified@@ -243,6 +243,7 @@ protected DocumentBuilder getDocumentBuilder() try { documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); + documentBuilderFactory.setExpandEntityReferences(false); documentBuilder = documentBuilderFactory.newDocumentBuilder(); } catch(ParserConfigurationException e) { throw new ServletException
STATUS+0 −5 modified@@ -42,11 +42,6 @@ PATCHES PROPOSED TO BACKPORT: +1: fhanik,funkman -1: -* Fix important vulnerability when webdav is enabled for write - Patch: http://marc.info/?l=tomcat-dev&m=119245116910632&w=2 - +1: markt, funkman, remm, fhanik - -1: - * Fix for JDT update: update jdt.jar in build.properties.default to: jdt.jar=${jdt.lib}/org.eclipse.jdt.core_3.3.1.v_780_R33x.jar +1: remm, fhanik,funkman, pero
webapps/docs/changelog.xml+4 −0 modified@@ -158,6 +158,10 @@ <fix> Fix WebDAV Servlet so it works correctly with MS clients. (markt) </fix> + <fix> + Fix CVE-2007-5461, an important information disclosure vulnerability in + the WebDAV Servlet. (markt) + </fix> <fix> <bug>42979</bug>: Update sample.war to include recent security fixes in the source code. (markt)
References
- marc.info
- github.com/advisories/GHSA-v5p2-vg3c-pmrr
- nvd.nist.gov/vuln/detail/CVE-2007-5461
- geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
- issues.apache.org/jira/browse/GERONIMO-3549
- lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
- rhn.redhat.com/errata/RHSA-2008-0630.html
- security.gentoo.org/glsa/glsa-200804-10.xml
- support.apple.com/kb/HT2163
- support.apple.com/kb/HT3216
- tomcat.apache.org/security-4.html
- tomcat.apache.org/security-5.html
- tomcat.apache.org/security-6.html
- www.debian.org/security/2008/dsa-1447
- www.debian.org/security/2008/dsa-1453
- www.redhat.com/support/errata/RHSA-2008-0042.html
- www.redhat.com/support/errata/RHSA-2008-0195.html
- www.redhat.com/support/errata/RHSA-2008-0261.html
- www.redhat.com/support/errata/RHSA-2008-0862.html
- exchange.xforce.ibmcloud.com/vulnerabilities/37243
- github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c
- github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d
- lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
- www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
- secunia.com/advisories/27398
- secunia.com/advisories/27446
- secunia.com/advisories/27481
- secunia.com/advisories/27727
- secunia.com/advisories/28317
- secunia.com/advisories/28361
- secunia.com/advisories/29242
- secunia.com/advisories/29313
- secunia.com/advisories/29711
- secunia.com/advisories/30676
- secunia.com/advisories/30802
- secunia.com/advisories/30899
- secunia.com/advisories/30908
- secunia.com/advisories/31493
- secunia.com/advisories/32120
- secunia.com/advisories/32222
- secunia.com/advisories/32266
- secunia.com/advisories/37460
- secunia.com/advisories/57126
- sunsolve.sun.com/search/document.do
- support.avaya.com/elmodocs2/security/ASA-2008-401.htm
- www-1.ibm.com/support/docview.wss
- www.mandriva.com/security/advisories
- www.securityfocus.com/archive/1/507985/100/0/threaded
- www.securityfocus.com/bid/26070
- www.securityfocus.com/bid/31681
- www.securitytracker.com/id
- www.vmware.com/security/advisories/VMSA-2008-0010.html
- www.vmware.com/security/advisories/VMSA-2009-0016.html
- www.vupen.com/english/advisories/2007/3622
- www.vupen.com/english/advisories/2007/3671
- www.vupen.com/english/advisories/2007/3674
- www.vupen.com/english/advisories/2008/1856/references
- www.vupen.com/english/advisories/2008/1979/references
- www.vupen.com/english/advisories/2008/1981/references
- www.vupen.com/english/advisories/2008/2780
- www.vupen.com/english/advisories/2008/2823
- www.vupen.com/english/advisories/2009/3316
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202
- www.exploit-db.com/exploits/4530