Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tomcat | Apache | 5.0.28 (including) | 5.0.28 (including) |
| Tomcat | Apache | 5.5.7 (including) | 5.5.7 (including) |
| Tomcat | Apache | 5.5.9 (including) | 5.5.9 (including) |
| Tomcat | Apache | 5.5.12 (including) | 5.5.12 (including) |
| Tomcat | Apache | 5.5.16 (including) | 5.5.16 (including) |
| Red Hat Certificate System 7.3 | RedHat | ant-0:1.6.5-1jpp_1rh | * |
| Red Hat Certificate System 7.3 | RedHat | avalon-logkit-0:1.2-2jpp_4rh | * |
| Red Hat Certificate System 7.3 | RedHat | axis-0:1.2.1-1jpp_3rh | * |
| Red Hat Certificate System 7.3 | RedHat | classpathx-jaf-0:1.0-2jpp_6rh | * |
| Red Hat Certificate System 7.3 | RedHat | classpathx-mail-0:1.1.1-2jpp_8rh | * |
| Red Hat Certificate System 7.3 | RedHat | geronimo-specs-0:1.0-0.M4.1jpp_10rh | * |
| Red Hat Certificate System 7.3 | RedHat | jakarta-commons-modeler-0:2.0-3jpp_2rh | * |
| Red Hat Certificate System 7.3 | RedHat | log4j-0:1.2.12-1jpp_1rh | * |
| Red Hat Certificate System 7.3 | RedHat | mx4j-1:3.0.1-1jpp_4rh | * |
| Red Hat Certificate System 7.3 | RedHat | pcsc-lite-0:1.3.3-3.el4 | * |
| Red Hat Certificate System 7.3 | RedHat | rhpki-ca-0:7.3.0-20.el4 | * |
| Red Hat Certificate System 7.3 | RedHat | rhpki-java-tools-0:7.3.0-10.el4 | * |
| Red Hat Certificate System 7.3 | RedHat | rhpki-kra-0:7.3.0-14.el4 | * |
| Red Hat Certificate System 7.3 | RedHat | rhpki-manage-0:7.3.0-19.el4 | * |
| Red Hat Certificate System 7.3 | RedHat | rhpki-native-tools-0:7.3.0-6.el4 | * |
| Red Hat Certificate System 7.3 | RedHat | rhpki-ocsp-0:7.3.0-13.el4 | * |
| Red Hat Certificate System 7.3 | RedHat | rhpki-tks-0:7.3.0-13.el4 | * |
| Red Hat Certificate System 7.3 | RedHat | tomcat5-0:5.5.23-0jpp_4rh.16 | * |
| Red Hat Certificate System 7.3 | RedHat | xerces-j2-0:2.7.1-1jpp_1rh | * |
| Red Hat Certificate System 7.3 | RedHat | xml-commons-0:1.3.02-2jpp_1rh | * |
| Red Hat Network Satellite Server v 4.0 | RedHat | jakarta-commons-pool-0:1.2-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.0 | RedHat | tomcat5-0:5.0.30-0jpp_6rh | * |
| Red Hat Network Satellite Server v 4.0 | RedHat | tyrex-0:1.0.1-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.0 (RHEL3) | RedHat | jakarta-commons-pool-0:1.2-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.0 (RHEL3) | RedHat | tomcat5-0:5.0.30-0jpp_6rh | * |
| Red Hat Network Satellite Server v 4.0 (RHEL3) | RedHat | tyrex-0:1.0.1-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.1 | RedHat | jakarta-commons-pool-0:1.2-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.1 | RedHat | tomcat5-0:5.0.30-0jpp_6rh | * |
| Red Hat Network Satellite Server v 4.1 | RedHat | tyrex-0:1.0.1-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.1 (RHEL3) | RedHat | jakarta-commons-pool-0:1.2-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.1 (RHEL3) | RedHat | tomcat5-0:5.0.30-0jpp_6rh | * |
| Red Hat Network Satellite Server v 4.1 (RHEL3) | RedHat | tyrex-0:1.0.1-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | jakarta-commons-pool-0:1.2-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | tomcat5-0:5.0.30-0jpp_6rh | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | tyrex-0:1.0.1-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | jabberd-0:2.0s10-3.38.rhn | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | jfreechart-0:0.9.20-3.rhn | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | openmotif21-0:2.1.30-11.RHEL4.6 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | perl-Crypt-CBC-0:2.24-1.el4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | rhn-apache-0:1.3.27-36.rhn.rhel4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | rhn-modjk-0:1.2.23-2rhn.rhel4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | rhn-modperl-0:1.29-16.rhel4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | rhn-modssl-0:2.8.12-8.rhn.10.rhel4 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | tomcat5-0:5.0.30-0jpp_10rh | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | jakarta-commons-pool-0:1.2-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | tomcat5-0:5.0.30-0jpp_6rh | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | tyrex-0:1.0.1-2jpp_2rh | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | jabberd-0:2.0s10-3.37.rhn | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | jfreechart-0:0.9.20-3.rhn | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | openmotif21-0:2.1.30-9.RHEL3.8 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | perl-Crypt-CBC-0:2.24-1.el3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | rhn-apache-0:1.3.27-36.rhn.rhel3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | rhn-modjk-0:1.2.23-2rhn.rhel3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | rhn-modperl-0:1.29-16.rhel3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | rhn-modssl-0:2.8.12-8.rhn.10.rhel3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | tomcat5-0:5.0.30-0jpp_10rh | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | jakarta-commons-pool-0:1.2-2jpp_2rh | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | tomcat5-0:5.0.30-0jpp_6rh | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | tyrex-0:1.0.1-2jpp_2rh | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | jabberd-0:2.0s10-3.38.rhn | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | jfreechart-0:0.9.20-3.rhn | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | openmotif21-0:2.1.30-11.RHEL4.6 | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | perl-Crypt-CBC-0:2.24-1.el4 | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | rhn-apache-0:1.3.27-36.rhn.rhel4 | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | rhn-modjk-0:1.2.23-2rhn.rhel4 | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | rhn-modperl-0:1.29-16.rhel4 | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | rhn-modssl-0:2.8.12-8.rhn.10.rhel4 | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | tomcat5-0:5.0.30-0jpp_10rh | * |
| RHAPS Version 1 for RHEL 3 | RedHat | tomcat5-0:5.0.30-0jpp_5rh | * |
| RHAPS Version 2 for RHEL 4 | RedHat | jakarta-commons-modeler-0:2.0-3jpp_2rh | * |
| RHAPS Version 2 for RHEL 4 | RedHat | tomcat5-0:5.5.23-0jpp_4rh.3 | * |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html
- http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://secunia.com/advisories/25212
- http://secunia.com/advisories/30899
- http://secunia.com/advisories/30908
- http://secunia.com/advisories/33668
- http://secunia.com/advisories/37297
- http://securitytracker.com/id?1016576
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
- http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
- http://tomcat.apache.org/security-4.html
- http://tomcat.apache.org/security-5.html
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://www.sec-consult.com/289.html
- http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
- http://www.securityfocus.com/archive/1/468048/100/0/threaded
- http://www.securityfocus.com/archive/1/500396/100/0/threaded
- http://www.securityfocus.com/archive/1/500412/100/0/threaded
- http://www.securityfocus.com/archive/1/507729/100/0/threaded
- http://www.securityfocus.com/bid/19106
- http://www.vupen.com/english/advisories/2007/1727
- http://www.vupen.com/english/advisories/2008/1979/references
- http://www.vupen.com/english/advisories/2009/0233
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27902
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34183
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
- http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html
- http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://secunia.com/advisories/25212
- http://secunia.com/advisories/30899
- http://secunia.com/advisories/30908
- http://secunia.com/advisories/33668
- http://secunia.com/advisories/37297
- http://securitytracker.com/id?1016576
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
- http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
- http://tomcat.apache.org/security-4.html
- http://tomcat.apache.org/security-5.html
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://www.sec-consult.com/289.html
- http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
- http://www.securityfocus.com/archive/1/468048/100/0/threaded
- http://www.securityfocus.com/archive/1/500396/100/0/threaded
- http://www.securityfocus.com/archive/1/500412/100/0/threaded
- http://www.securityfocus.com/archive/1/507729/100/0/threaded
- http://www.securityfocus.com/bid/19106
- http://www.vupen.com/english/advisories/2007/1727
- http://www.vupen.com/english/advisories/2008/1979/references
- http://www.vupen.com/english/advisories/2009/0233
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27902
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34183
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E