← volver
CVE-2006-3835

CVE-2006-3835

EPSS 45.6%
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/28254no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.htmlhttp://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://secunia.com/advisories/25212http://secunia.com/advisories/30899http://secunia.com/advisories/30908http://secunia.com/advisories/33668http://secunia.com/advisories/37297http://securitytracker.com/id?1016576https://exchange.xforce.ibmcloud.com/vulnerabilities/27902https://exchange.xforce.ibmcloud.com/vulnerabilities/34183https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E