VYPR
Moderate severityNVD Advisory· Published Jul 25, 2006· Updated Jun 16, 2026

CVE-2006-3835

CVE-2006-3835

Description

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
>= 5.0.0, < 5.5.175.5.17

Affected products

6
  • Apache/Tomcat5 versions
    cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 5.0.0, < 5.5.17

Patches

Vulnerability mechanics

References

41

News mentions

0

No linked articles in our index yet.