bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/remote/2061.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

23 lines
No EOL
748 B
Text
Raw Permalink Blame History

ScanAlert Security Advisory - http://www.scanalert.com
Directory Listing in Apache Tomcat 5.x.x
Date: 07/21/2006
Vendor: Apache
Package: Tomcat
Versions: 5.x.x (5.0.28, 5.5.12, 5.5.9, and 5.5.7 . Confirmed)
Credit: ScanAlert.s Enterprise Services Team.
Overview:
Apache Tomcat is the servlet container that is used in the official Reference Implementation
for the Java Servlet and JavaServer Pages technologies.
Vulnerabilities:
Apache Tomcat can be forced to reveal a complete directory listing for any directory by requesting
a mapped file extension prepended with a semicolon, a reserved character. The file does not need to exist.
Examples:
http://www.sitexyz.com/;index.jsp
http://www.sitexyz.com/help/;help.do
# milw0rm.com [2006-07-23]
Reference in a new issue View git blame Copy permalink