Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tomcat | Apache | 5.0.28 (including) | 5.0.28 (including) |
Tomcat | Apache | 5.5.7 (including) | 5.5.7 (including) |
Tomcat | Apache | 5.5.9 (including) | 5.5.9 (including) |
Tomcat | Apache | 5.5.12 (including) | 5.5.12 (including) |
Tomcat | Apache | 5.5.16 (including) | 5.5.16 (including) |