Executive Summary

Information
Name: CVE-2006-3835
First vendor publication: 2006-07-25
Vendor: Cve
Last vendor modification: 2023-11-07

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS base score: 5
Attack range: Network
CVSS impact score: 2.9
Attack complexity: Low
CVSS exploit score: 10
Authentication: None required

Detail

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835

CPE : Common Platform Enumeration

Type Description Count
Application 5

ExploitDB Exploits

id Description
2009-11-07 ToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities

OpenVAS Exploits

Date Description
2009-10-13 Name : SLES10: Security update for Tomcat 5
File : nvt/sles10_tomcat5.nasl
2009-10-10 Name : SLES9: Security update for Tomcat
File : nvt/sles9p5042180.nasl
2009-02-18 Name : SuSE Security Summary SUSE-SR:2009:004
File : nvt/suse_sr_2009_004.nasl
2009-02-02 Name : Ubuntu USN-710-1 (xine-lib)
File : nvt/ubuntu_710_1.nasl
2009-02-02 Name : Ubuntu USN-711-1 (ktorrent)
File : nvt/ubuntu_711_1.nasl
2009-02-02 Name : Ubuntu USN-712-1 (vim)
File : nvt/ubuntu_712_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
32723 Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing

Apache Tomcat contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a crafted file request containing a semicolon (;) before the file name, which will result in the server displaying the contents of the directory. This may disclose sensitive files, unpublished content, or backup files.

Nessus® Vulnerability Scanner

Date Description
2010-06-16 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_4_1_32.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1069.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12343.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-5955.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff...
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957...
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098...
Source Url
BID http://www.securityfocus.com/bid/19106
BUGTRAQ http://www.securityfocus.com/archive/1/468048/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/archive/1/507729/100/0/threaded
CONFIRM http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html
MISC http://www.sec-consult.com/289.html
http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
REDHAT http://www.redhat.com/support/errata/RHSA-2008-0261.html
SECTRACK http://securitytracker.com/id?1016576
SECUNIA http://secunia.com/advisories/25212
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://secunia.com/advisories/33668
http://secunia.com/advisories/37297
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
SUSE http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
VUPEN http://www.vupen.com/english/advisories/2007/1727
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2009/0233
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/27902
https://exchange.xforce.ibmcloud.com/vulnerabilities/34183

Alert History

Date Information
2023-11-07 21:48:03
  • Multiple Updates
2021-05-04 12:04:22
  • Multiple Updates
2021-04-22 01:05:00
  • Multiple Updates
2020-05-23 00:18:09
  • Multiple Updates
2019-03-25 17:18:56
  • Multiple Updates
2019-03-21 21:19:08
  • Multiple Updates
2018-10-18 00:19:36
  • Multiple Updates
2017-07-20 09:23:47
  • Multiple Updates
2016-04-26 14:54:11
  • Multiple Updates
2014-02-17 10:36:41
  • Multiple Updates
2013-05-11 11:04:44
  • Multiple Updates