Red Hat Bugzilla – Bug 201592
CVE-2006-3835 tomcat directory listing leak (RHAPS2)
Last modified: 2007-04-18 13:47:01 EDT
ScanAlert Security Advisory:
Apache Tomcat can be forced to reveal a complete directory listing for any
directory by requesting a mapped file extension prepended with a semicolon, a
reserved character. The file does not need to exist.
Check bug 201915 for additional information.