Bug#380376: tomcat5.5: CVE-2006-3835: remote directory listing
Arnaud Vandyck
avdyk at debian.org
Tue Aug 1 14:54:48 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alec Berryman wrote:
> CVE-2006-3835: "Apache Tomcat 5 before 5.5.17 allows remote attackers to
> list directories via a semicolon (;) preceding a filename with a mapped
> extension, as demonstrated by URLs ending with /;index.jsp and
> /;help.do."
I can't reproduce the attack with tomcat5.5.15, I'm closing the bug. If
you are able to reproduce the attack, thanks to re-open the bug.
Cheers,
- --
.''`.
: :' :rnaud
`. `'
`-
Java Trap: http://www.gnu.org/philosophy/java-trap.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEz2s44vzFZu62tMIRAu9hAJ9nodZhEIOot3mxd9SEBP1YzkAO9QCgl01W
ijocRJRisINxwQ/Ts3sIZLA=
=O5L0
-----END PGP SIGNATURE-----
More information about the pkg-java-maintainers
mailing list