Search for vulnerabilities
Vulnerability details: VCID-hdmm-9qu7-tkev
Vulnerability ID VCID-hdmm-9qu7-tkev
Aliases CVE-2007-5461
GHSA-v5p2-vg3c-pmrr
Summary
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual LOW http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
generic_textual LOW http://issues.apache.org/jira/browse/GERONIMO-3549
generic_textual LOW http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
generic_textual LOW http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
generic_textual LOW http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
generic_textual LOW http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
generic_textual LOW http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
generic_textual LOW http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual LOW http://marc.info/?l=full-disclosure&m=119239530508382
generic_textual LOW http://rhn.redhat.com/errata/RHSA-2008-0630.html
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
epss 0.07173 https://api.first.org/data/v1/epss?cve=CVE-2007-5461
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
generic_textual LOW http://security.gentoo.org/glsa/glsa-200804-10.xml
generic_textual LOW https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
cvssv3.1_qr LOW https://github.com/advisories/GHSA-v5p2-vg3c-pmrr
generic_textual LOW https://github.com/apache/tomcat
generic_textual LOW https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c
generic_textual LOW https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d
generic_textual LOW https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2007-5461
generic_textual LOW http://support.apple.com/kb/HT2163
generic_textual LOW http://support.apple.com/kb/HT3216
generic_textual LOW https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
generic_textual LOW http://tomcat.apache.org/security-4.html
generic_textual LOW http://tomcat.apache.org/security-5.html
generic_textual LOW http://tomcat.apache.org/security-6.html
generic_textual LOW http://www.debian.org/security/2008/dsa-1447
generic_textual LOW http://www.debian.org/security/2008/dsa-1453
generic_textual LOW http://www.redhat.com/support/errata/RHSA-2008-0042.html
generic_textual LOW http://www.redhat.com/support/errata/RHSA-2008-0195.html
generic_textual LOW http://www.redhat.com/support/errata/RHSA-2008-0261.html
generic_textual LOW http://www.redhat.com/support/errata/RHSA-2008-0862.html
Reference id Reference type URL
http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html
http://issues.apache.org/jira/browse/GERONIMO-3549
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://marc.info/?l=full-disclosure&m=119239530508382
http://rhn.redhat.com/errata/RHSA-2008-0630.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5461.json
https://api.first.org/data/v1/epss?cve=CVE-2007-5461
http://security.gentoo.org/glsa/glsa-200804-10.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/37243
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/1e7b31e24801777f4de45d565f6a20a5377dd22c
https://github.com/apache/tomcat/commit/901292cf9d7d8225f8a3b96c7583e2bd8b41772d
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2007-5461
http://support.apple.com/kb/HT2163
http://support.apple.com/kb/HT3216
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2008/dsa-1447
http://www.debian.org/security/2008/dsa-1453
http://www.redhat.com/support/errata/RHSA-2008-0042.html
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
333791 https://bugzilla.redhat.com/show_bug.cgi?id=333791
CVE-2007-5461 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
CVE-2007-5461 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/4552.pl
GHSA-v5p2-vg3c-pmrr https://github.com/advisories/GHSA-v5p2-vg3c-pmrr
OSVDB-38187;CVE-2007-5461 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/4530.pl
RHSA-2008:0042 https://access.redhat.com/errata/RHSA-2008:0042
RHSA-2008:0151 https://access.redhat.com/errata/RHSA-2008:0151
RHSA-2008:0158 https://access.redhat.com/errata/RHSA-2008:0158
RHSA-2008:0195 https://access.redhat.com/errata/RHSA-2008:0195
RHSA-2008:0213 https://access.redhat.com/errata/RHSA-2008:0213
RHSA-2008:0630 https://access.redhat.com/errata/RHSA-2008:0630
Data source Exploit-DB
Date added Oct. 13, 2007
Description Apache Tomcat - 'WebDAV' Remote File Disclosure
Ransomware campaign use Known
Source publication date Oct. 14, 2007
Exploit type remote
Platform multiple
Source update date Dec. 14, 2016
Exploit Prediction Scoring System (EPSS)
Percentile 0.9118
EPSS Score 0.07173
Published At Aug. 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T07:58:41.269569+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 37.0.0