CVE-2006-3835 – Apache Tomcat 5 - Information Disclosure

https://notcve.org/view.php?id=CVE-2006-3835

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. Apache Tomcat 5 anterior a 5.5.17 permite a atacantes remotos listar directorios a través de un punto y coma (;) precedido de un nombre de archivo con una extensión mapeada, como se demostró con las URLs finalizadas con /;index.jsp y /;help.do. ToutVirtual VirtualIQ Pro version 3.2 build 7882 suffers from cross site scripting, cross site request forgery, directory traversal, and code execution vulnerabilities. • https://www.exploit-db.com/exploits/28254 http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/25212 http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://secunia.com/advisories/33668 http://secunia.com/advisories/37297 http://securitytracker.com/id?1016576 http:/ •