Description
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Remediation
References
Related Vulnerabilities
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.56)
Oracle HTTP Server CVE-2006-0435 Vulnerability (CVE-2006-0435)
WordPress Plugin Social Photo Gallery Remote Code Execution (1.0)
WordPress Plugin Placemarks Cross-Site Scripting (2.0.0)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6926)