Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3835 — Sensitive Information Exposure in Apache Tomcat

CWE-200 — Sensitive Information Exposure12 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

56.4%

top 1.88%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Tomcat

Timeline

PublishedJul 25

Latest updateMay 1

Description

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat5 versions+4

Patches

Patch: archives.neohapsis.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

OSV

Apache Tomcat Reveals Directories↗2022-05-01

▶

GHSA

Apache Tomcat Reveals Directories↗2022-05-01

▶

CVEList

CVE-2006-3835: Apache Tomcat 5 before 5↗2006-07-25

▶

💥Exploits & PoCs

Exploit-DB

Apache Tomcat 5 - Information Disclosure↗2006-07-21

▶

📋Vendor Advisories

Red Hat

tomcat directory listing issue↗2006-07-21

▶

💬Community

Bugzilla

A number of tomcat issues↗2007-05-09

▶

Bugzilla

CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)↗2007-04-30

▶

Bugzilla

CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)↗2007-04-19

▶

Bugzilla

CVE-2006-3835 tomcat directory listing issue↗2007-04-19

▶

Bugzilla

CVE-2006-3835 tomcat directory listing leak (RHAPS)↗2006-08-09

▶