Red Hat Customer Portal

CVE-2006-3835

Impact: Low
Public Date: 2006-07-21
Bugzilla: 237084: CVE-2006-3835 tomcat directory listing issue

The MITRE CVE dictionary describes this issue as:

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

Find out more about CVE-2006-3835 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.

Details on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04 |
| Red Hat Satellite v 4.1 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2008:0261 | 2008-05-20 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.0 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Application Server 3AS (tomcat5) | RHSA-2007:0340 | 2007-05-08 |
| Red Hat Application Server v2 4AS (jakarta-commons-modeler) | RHSA-2007:0326 | 2007-05-21 |
| Red Hat Satellite v 4.1 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |

Last Modified