[] NeoSense
E X P L O I T S
title author type platform port cve id

Apache Tomcat < 5.5.17 - Remote Directory Listing

Author: ScanAlert Security
type: remote
platform: multiple
port: 
date_added: 2006-07-22 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
ScanAlert Security Advisory - http://www.scanalert.com

Directory Listing in Apache Tomcat 5.x.x

Date: 07/21/2006
Vendor: Apache
Package: Tomcat
Versions: 5.x.x (5.0.28, 5.5.12, 5.5.9, and 5.5.7 . Confirmed)
Credit: ScanAlert.s Enterprise Services Team.

Overview:
Apache Tomcat is the servlet container that is used in the official Reference Implementation
for the Java Servlet and JavaServer Pages technologies.

Vulnerabilities:
Apache Tomcat can be forced to reveal a complete directory listing for any directory by requesting
a mapped file extension prepended with a semicolon, a reserved character. The file does not need to exist.

Examples:
http://www.sitexyz.com/;index.jsp
http://www.sitexyz.com/help/;help.do

# milw0rm.com [2006-07-23]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.