Bug#448841: CVE-2007-5731 directory traversal vulnerability
Nico Golde
nion at debian.org
Thu Nov 1 11:37:19 UTC 2007
Package: libslide-webdavclient-java
Version: 2.1+dfsg-1
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libslide-webdavclient-java.
CVE-2007-5731[0]:
| Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and
| earlier allows remote authenticated users to read arbitrary files via
| a WebDAV write request that specifies an entity with a SYSTEM tag, a
| related issue to CVE-2007-5461.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
This can only be exploited by authenticated attackers.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5731
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20071101/71acb453/attachment.pgp
More information about the pkg-java-maintainers
mailing list