Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2006-3835

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

  • Published: Jul 25, 2006
  • Updated: Apr 13, 2023
  • CVE: CVE-2006-3835
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
apache / tomcat 5.5.12 5.5.12.x
apache / tomcat 5.5.7 5.5.7.x
apache / tomcat 5.5.9 5.5.9.x
apache / tomcat 5.0.28 5.0.28.x
apache / tomcat 5.5.16 5.5.16.x