HTTP: Apache Tomcat Directory Listing Information Disclosure
This signature detects attempts to exploit a known vulnerability against Apache Tomcat. A successful attack allows attackers to list the directory content.
Extended Description
Apache Tomcat is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to reveal a complete directory listing from any directory. Information obtained may aid in further attacks. Reports indicate that this issue may also allow attackers to obtain the source code of script files. Apache Tomcat 5.028, 5.5.23, 5.5.9, and 5.5.7 are vulnerable to this issue; other versions may also be affected. Novell GroupWise Mobile Server 1.0 or other versions bundled with Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2 ship with an affected version of Tomcat and are vulnerable as well.
Affected Products
Novell groupwise_mobile_server
Short Name
HTTP:TOMCAT:DIR-LIST-INFO-DISCL
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Apache CVE-2006-3835 Directory Disclosure Information Listing Tomcat bid:19106
Release Date
09/29/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Apache_software_foundation
Suse
Sun
Computer_associates
Avaya
Novell
CVSS Score
5.0