CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

EPSS: 0.877 High (Percentile 98.6%)
Low: Directory listing CVE-2006-3835
This is expected behaviour when directory listings are enabled. The semicolon (;) is the separator for path parameters so inserting one before a file name changes the request into a request for a directory with a path parameter. If directory listings are enabled, a directory listing will be shown. In response to this and other directory listing issues, directory listings were changed to be disabled by default.
Affects: 5.0.0-5.0.30, 5.5.0-5.5.12
Important: Denial of service CVE-2005-3510
The root cause is the relatively expensive calls required to generate the content for the directory listings. If directory listings are enabled, the number of files in each directory should be kept to a minimum. In response to this issue, directory listings were changed to be disabled by default. Additionally, a patch has been proposed that would improve performance, particularly for large directories, by caching directory listings.
Affects: 5.0.0-5.0.30, 5.5.0-5.5.12
Name | Operator | Version |
---|---|---|
apache tomcat | ge | 5.0.0 |
apache tomcat | le | 5.0.30 |
apache tomcat | ge | 5.5.0 |
apache tomcat | le | 5.5.12 |