No description provided by source.
ScanAlert Security Advisory - http://www.scanalert.com Directory Listing in Apache Tomcat 5.x.x Date: 07/21/2006 Vendor: Apache Package: Tomcat Versions: 5.x.x (5.0.28, 5.5.12, 5.5.9, and 5.5.7 . Confirmed) Credit: ScanAlert.s Enterprise Services Team. Overview: Apache Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. Vulnerabilities: Apache Tomcat can be forced to reveal a complete directory listing for any directory by requesting a mapped file extension prepended with a semicolon, a reserved character. The file does not need to exist. Examples: http://www.sitexyz.com/;index.jsp http://www.sitexyz.com/help/;help.do # milw0rm.com [2006-07-23]