Description

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

Remediation

References

CVE-2006-3835

Related Vulnerabilities

WordPress Plugin WP Publication Archive 'file' Parameter Directory Traversal (2.3)

Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-33203)

MySQL CVE-2019-2532 Vulnerability (CVE-2019-2532)

Microsoft SQL Server Other Vulnerability (CVE-2000-1086)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-5104)

Severity

Medium

Classification

CVE-2006-3835

Tags

Missing Update Known Vulnerabilities