Vulnerability in N/a
CVE-2006-3835
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
EPSS: 0.515 (97.9th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 19106 (vdb-entry, x_refsource_BID)
- tomcat.apache.org/security-4.html (x_refsource_CONFIRM)
- 30908 (x_refsource_SECUNIA, third-party-advisory)
- 37297 (x_refsource_SECUNIA, third-party-advisory)
- 239312 (vendor-advisory, x_refsource_SUNALERT)
- 30899 (x_refsource_SECUNIA, third-party-advisory)
- www.sec-consult.com/289.html (x_refsource_MISC)
- ADV-2008-1979 (vdb-entry, x_refsource_VUPEN)
- 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (mailing-list, x_refsource_BUGTRAQ)
- ADV-2007-1727 (vdb-entry, x_refsource_VUPEN)