5

CVE-2006-3835

Exploit
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version5.0.28
ApacheTomcat Version5.5.7
ApacheTomcat Version5.5.9
ApacheTomcat Version5.5.12
ApacheTomcat Version5.5.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 45.58% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://tomcat.apache.org/security-4.html
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://www.vupen.com/english/advisories/2008/1979/references
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://secunia.com/advisories/33668
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-5.html
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.vupen.com/english/advisories/2009/0233
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html
Patch
Exploit
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/25212
http://secunia.com/advisories/37297
http://securitytracker.com/id?1016576
http://www.sec-consult.com/289.html
http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
http://www.securityfocus.com/archive/1/468048/100/0/threaded
http://www.securityfocus.com/archive/1/507729/100/0/threaded
http://www.securityfocus.com/bid/19106
Exploit
http://www.vupen.com/english/advisories/2007/1727
https://exchange.xforce.ibmcloud.com/vulnerabilities/27902
https://exchange.xforce.ibmcloud.com/vulnerabilities/34183