Description
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Remediation
References
Related Vulnerabilities
WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6)
Drupal Core Remote Code Execution (8.0.0 - 9.2.21)
Apache version older than 1.3.29
WordPress Plugin Events Manager 'events-manager.php' SQL Injection (2.1)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1734)