CVE-2006-3835 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-3835
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3835

Description: Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27902 http://xforce.iss.net/xforce/xfdb/34183 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 ST 1016576 SAID Secunia Advisory: SA30899 Secunia Advisory: SA25212 Secunia Advisory: SA30908 Secunia Advisory: SA33668 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0261.html MISC http://www.sec-consult.com/289.html FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html CONFIRM http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/500396/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/500412/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded BID 19106

Return to the previous page.