Apache Tomcat servlets-webdav is vulnerable to path traversal. A remote authenticated user is able to submit absolute file paths to read arbitrary files via a WebDAV write request which specifies an entity with a SYSTEM tag.