CVE-2006-3835
The MITRE CVE dictionary describes this issue as:
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
Find out more about CVE-2006-3835 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.
Details on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04 |
| Red Hat Satellite v 4.1 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2008:0261 | 2008-05-20 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.0 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Application Server 3AS (tomcat5) | RHSA-2007:0340 | 2007-05-08 |
| Red Hat Application Server v2 4AS (jakarta-commons-modeler) | RHSA-2007:0326 | 2007-05-21 |
| Red Hat Satellite v 4.1 (RHEL v.3 AS) | RHSA-2007:1069 | 2007-11-26 |
CVE description copyright © 2017, The MITRE Corporation