[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2006-3835":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":48,"duplicate_of":9,"upstream":50,"downstream":51,"duplicates":64,"related":65,"reserved_at":9,"published_at":66,"modified_at":67,"state":68,"summary":69,"references_raw":77,"kevs":264,"epss":265,"epss_history":268,"metrics":502,"affected":507},"CVE-2006-3835","Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-OTHER","Other","NVD uses this CWE ID when the weakness does not map to any existing CWE entry.","placeholder","NVD-Reserved",[],[19,28,33],{"_key":20,"name":21,"source":22,"url":23,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":27,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_D90EE5F8723E8FA7","Exploit Reference (securityfocus.com)","reference","http://www.securityfocus.com/bid/19106","unknown",0.2,false,[],{"_key":29,"name":30,"source":22,"url":31,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":32,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_36724BCD65E20690","Exploit Reference (archives.neohapsis.com)","http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html",[],{"_key":34,"name":35,"source":36,"url":37,"maturity":38,"reliability_score":39,"verified":40,"type":41,"platforms":42,"requires_auth":9,"exploitdb":44,"metasploit":9},"28254","Apache Tomcat 5 - Information Disclosure","exploit-database","https://www.exploit-db.com/exploits/28254","weaponized",0.8,true,"remote",[43],"multiple",{"verified":40,"type":41,"platform":43,"file":45,"codes":46},"exploits/multiple/remote/28254.txt",[7,47],"OSVDB-32723",[49],"GHSA-wfj7-mhr5-pcwq",[],[52,54,56,58,60,62],{"_key":53},"RHSA-2007:0326",{"_key":55},"RHSA-2007:0340",{"_key":57},"RHSA-2007:1069",{"_key":59},"RHSA-2008:0261",{"_key":61},"RHSA-2008:0524",{"_key":63},"RHSA-2010:0602",[],[],"2006-07-25T00:00:00.000Z","2024-08-07T18:48:39.282Z","Modified",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":70,"epss_score":71,"severity":72,"severity_score":73,"severity_version":74,"severity_source":75,"severity_vector":76,"severity_status":68},"critical",0.51511,"medium",5,"v2.0","nvd","AV:N/AC:L/Au:N/C:P/I:N/A:N",[78,85,92,98,102,108,112,117,122,128,132,136,141,145,149,153,158,162,166,170,175,180,184,188,193,197,201,205,210,214,218,223,228,232,236,240,244,248,252,256,260],{"url":23,"sources":79,"tags":81},[80,75],"cve.org",[82,83,84],"VDB Entry","X Refsource BID","Exploit",{"url":86,"sources":87,"tags":89},"http://tomcat.apache.org/security-4.html",[80,75,88],"osv_maven",[90,91],"X Refsource CONFIRM","WEB",{"url":93,"sources":94,"tags":95},"http://secunia.com/advisories/30908",[80,75],[96,97],"Third Party Advisory","X Refsource SECUNIA",{"url":99,"sources":100,"tags":101},"http://secunia.com/advisories/37297",[80,75],[96,97],{"url":103,"sources":104,"tags":105},"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1",[80,75,88],[106,107,91],"Vendor Advisory","X Refsource SUNALERT",{"url":109,"sources":110,"tags":111},"http://secunia.com/advisories/30899",[80,75],[96,97],{"url":113,"sources":114,"tags":115},"http://www.sec-consult.com/289.html",[80,75,88],[116,91],"X Refsource MISC",{"url":118,"sources":119,"tags":120},"http://www.vupen.com/english/advisories/2008/1979/references",[80,75],[82,121],"X Refsource VUPEN",{"url":123,"sources":124,"tags":125},"http://www.securityfocus.com/archive/1/500412/100/0/threaded",[80,75],[126,127],"Mailing List","X Refsource BUGTRAQ",{"url":129,"sources":130,"tags":131},"http://www.vupen.com/english/advisories/2007/1727",[80,75],[82,121],{"url":133,"sources":134,"tags":135},"http://secunia.com/advisories/33668",[80,75],[96,97],{"url":137,"sources":138,"tags":139},"https://exchange.xforce.ibmcloud.com/vulnerabilities/27902",[80,75,88],[82,140,91],"X Refsource XF",{"url":142,"sources":143,"tags":144},"http://www.securityfocus.com/archive/1/500396/100/0/threaded",[80,75],[126,127],{"url":146,"sources":147,"tags":148},"http://www.securityfocus.com/archive/1/468048/100/0/threaded",[80,75],[126,127],{"url":150,"sources":151,"tags":152},"http://www.vupen.com/english/advisories/2009/0233",[80,75],[82,121],{"url":154,"sources":155,"tags":156},"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html",[80,75,88],[106,157,91],"X Refsource SUSE",{"url":159,"sources":160,"tags":161},"http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm",[80,75,88],[90,91],{"url":163,"sources":164,"tags":165},"http://secunia.com/advisories/25212",[80,75],[96,97],{"url":167,"sources":168,"tags":169},"http://www.securityfocus.com/archive/1/507729/100/0/threaded",[80,75],[126,127],{"url":171,"sources":172,"tags":173},"http://securitytracker.com/id?1016576",[80,75],[82,174],"X Refsource SECTRACK",{"url":31,"sources":176,"tags":177},[80,75,88],[126,178,84,179,91],"X Refsource FULLDISC","Patch",{"url":181,"sources":182,"tags":183},"http://tomcat.apache.org/security-5.html",[80,75,88],[90,91],{"url":185,"sources":186,"tags":187},"https://exchange.xforce.ibmcloud.com/vulnerabilities/34183",[80,75,88],[82,140,91],{"url":189,"sources":190,"tags":191},"http://www.redhat.com/support/errata/RHSA-2008-0261.html",[80,75,88],[106,192,91],"X Refsource REDHAT",{"url":194,"sources":195,"tags":196},"http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt",[80,75,88],[116,91],{"url":198,"sources":199,"tags":200},"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",[80,75,88],[90,91],{"url":202,"sources":203,"tags":204},"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",[80,75,88],[90,91],{"url":206,"sources":207,"tags":208},"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",[80,75,88],[126,209,91],"X Refsource MLIST",{"url":211,"sources":212,"tags":213},"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",[80,75,88],[126,209,91],{"url":215,"sources":216,"tags":217},"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",[80,75,88],[126,209,91],{"url":219,"sources":220,"tags":221},"https://nvd.nist.gov/vuln/detail/CVE-2006-3835",[88],[222],"Advisory",{"url":224,"sources":225,"tags":226},"https://github.com/apache/tomcat",[88],[227],"PACKAGE",{"url":229,"sources":230,"tags":231},"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E",[88],[91],{"url":233,"sources":234,"tags":235},"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E",[88],[91],{"url":237,"sources":238,"tags":239},"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E",[88],[91],{"url":241,"sources":242,"tags":243},"https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded",[88],[91],{"url":245,"sources":246,"tags":247},"https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded",[88],[91],{"url":249,"sources":250,"tags":251},"https://web.archive.org/web/20200525234537/http://securitytracker.com/id?1016576",[88],[91],{"url":253,"sources":254,"tags":255},"https://web.archive.org/web/20200526144006/http://www.securityfocus.com/archive/1/507729/100/0/threaded",[88],[91],{"url":257,"sources":258,"tags":259},"https://web.archive.org/web/20200526152646/http://www.securityfocus.com/archive/1/468048/100/0/threaded",[88],[91],{"url":261,"sources":262,"tags":263},"https://web.archive.org/web/20200526165235/http://www.securityfocus.com/bid/19106",[88],[91],[],{"date":266,"score":71,"percentile":267},"2026-06-04",0.97942,[269,273,276,278,281,283,285,287,290,293,296,298,300,302,304,307,310,313,316,319,321,324,326,328,330,332,334,337,340,342,344,346,350,353,356,359,361,364,367,370,372,374,377,380,383,386,388,390,393,396,399,401,404,406,410,412,414,416,418,421,424,426,429,432,434,437,440,443,446,448,450,453,456,459,462,464,467,469,472,474,477,480,483,485,488,491,493,495,497,499],{"date":270,"score":271,"percentile":272},"2025-11-04",0.57871,0.98061,{"date":274,"score":271,"percentile":275},"2025-11-05",0.98063,{"date":277,"score":271,"percentile":275},"2025-11-06",{"date":279,"score":271,"percentile":280},"2025-11-07",0.98064,{"date":282,"score":271,"percentile":280},"2025-11-08",{"date":284,"score":271,"percentile":280},"2025-11-09",{"date":286,"score":271,"percentile":280},"2025-11-10",{"date":288,"score":271,"percentile":289},"2025-11-11",0.98065,{"date":291,"score":271,"percentile":292},"2025-11-12",0.98067,{"date":294,"score":271,"percentile":295},"2025-11-13",0.98068,{"date":297,"score":271,"percentile":295},"2025-11-14",{"date":299,"score":271,"percentile":289},"2025-11-15",{"date":301,"score":271,"percentile":280},"2025-11-16",{"date":303,"score":271,"percentile":280},"2025-11-17",{"date":305,"score":271,"percentile":306},"2025-11-18",0.98109,{"date":308,"score":271,"percentile":309},"2025-11-19",0.98111,{"date":311,"score":271,"percentile":312},"2025-11-20",0.98112,{"date":314,"score":271,"percentile":315},"2025-11-21",0.9806,{"date":317,"score":271,"percentile":318},"2025-11-22",0.98058,{"date":320,"score":271,"percentile":318},"2025-11-23",{"date":322,"score":271,"percentile":323},"2025-11-24",0.98059,{"date":325,"score":271,"percentile":272},"2025-11-25",{"date":327,"score":271,"percentile":315},"2025-11-26",{"date":329,"score":271,"percentile":272},"2025-11-27",{"date":331,"score":271,"percentile":272},"2025-11-28",{"date":333,"score":271,"percentile":275},"2025-11-29",{"date":335,"score":271,"percentile":336},"2025-11-30",0.98062,{"date":338,"score":271,"percentile":339},"2025-12-01",0.98077,{"date":341,"score":271,"percentile":339},"2025-12-02",{"date":343,"score":271,"percentile":339},"2025-12-03",{"date":345,"score":271,"percentile":315},"2025-12-04",{"date":347,"score":348,"percentile":349},"2025-12-05",0.56443,0.97993,{"date":351,"score":348,"percentile":352},"2025-12-06",0.97994,{"date":354,"score":348,"percentile":355},"2025-12-07",0.97995,{"date":357,"score":348,"percentile":358},"2025-12-08",0.97996,{"date":360,"score":348,"percentile":358},"2025-12-09",{"date":362,"score":348,"percentile":363},"2025-12-10",0.97999,{"date":365,"score":348,"percentile":366},"2025-12-11",0.98002,{"date":368,"score":348,"percentile":369},"2025-12-12",0.98004,{"date":371,"score":348,"percentile":363},"2025-12-13",{"date":373,"score":348,"percentile":363},"2025-12-14",{"date":375,"score":348,"percentile":376},"2025-12-15",0.98,{"date":378,"score":348,"percentile":379},"2025-12-16",0.98007,{"date":381,"score":348,"percentile":382},"2025-12-17",0.98011,{"date":384,"score":348,"percentile":385},"2025-12-18",0.9801,{"date":387,"score":348,"percentile":382},"2025-12-19",{"date":389,"score":348,"percentile":385},"2025-12-20",{"date":391,"score":348,"percentile":392},"2025-12-21",0.98009,{"date":394,"score":348,"percentile":395},"2025-12-22",0.98003,{"date":397,"score":348,"percentile":398},"2025-12-23",0.98008,{"date":400,"score":348,"percentile":392},"2025-12-24",{"date":402,"score":348,"percentile":403},"2025-12-25",0.98006,{"date":405,"score":348,"percentile":403},"2025-12-26",{"date":407,"score":408,"percentile":409},"2025-12-27",0.50935,0.97767,{"date":411,"score":348,"percentile":379},"2025-12-28",{"date":413,"score":348,"percentile":398},"2025-12-29",{"date":415,"score":348,"percentile":379},"2025-12-30",{"date":417,"score":348,"percentile":385},"2025-12-31",{"date":419,"score":348,"percentile":420},"2026-01-01",0.98034,{"date":422,"score":348,"percentile":423},"2026-01-02",0.98033,{"date":425,"score":348,"percentile":423},"2026-01-03",{"date":427,"score":348,"percentile":428},"2026-01-04",0.98019,{"date":430,"score":348,"percentile":431},"2026-01-05",0.9802,{"date":433,"score":348,"percentile":431},"2026-01-06",{"date":435,"score":348,"percentile":436},"2026-01-07",0.98021,{"date":438,"score":348,"percentile":439},"2026-01-08",0.98022,{"date":441,"score":348,"percentile":442},"2026-01-09",0.98024,{"date":444,"score":348,"percentile":445},"2026-01-10",0.98025,{"date":447,"score":348,"percentile":442},"2026-01-11",{"date":449,"score":348,"percentile":442},"2026-01-12",{"date":451,"score":348,"percentile":452},"2026-01-13",0.98026,{"date":454,"score":348,"percentile":455},"2026-01-14",0.98028,{"date":457,"score":348,"percentile":458},"2026-01-15",0.98029,{"date":460,"score":348,"percentile":461},"2026-01-16",0.98031,{"date":463,"score":348,"percentile":420},"2026-01-17",{"date":465,"score":348,"percentile":466},"2026-01-18",0.98032,{"date":468,"score":348,"percentile":423},"2026-01-19",{"date":470,"score":348,"percentile":471},"2026-01-20",0.98035,{"date":473,"score":348,"percentile":471},"2026-01-21",{"date":475,"score":348,"percentile":476},"2026-01-22",0.98037,{"date":478,"score":348,"percentile":479},"2026-01-23",0.98039,{"date":481,"score":348,"percentile":482},"2026-01-24",0.9804,{"date":484,"score":348,"percentile":479},"2026-01-25",{"date":486,"score":348,"percentile":487},"2026-01-26",0.98041,{"date":489,"score":348,"percentile":490},"2026-01-27",0.98042,{"date":492,"score":348,"percentile":490},"2026-01-28",{"date":494,"score":348,"percentile":487},"2026-01-29",{"date":496,"score":348,"percentile":487},"2026-01-30",{"date":498,"score":348,"percentile":471},"2026-01-31",{"date":500,"score":348,"percentile":501},"2026-02-01",0.98054,[503],{"source":75,"cvss_v2_0":504,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":73,"baseSeverity":9,"vectorString":76,"impactScore":505,"exploitabilityScore":506},2.9,10,[508,522],{"ecosystem":9,"name":509,"vendor":9,"product":509,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":510},"Tomcat",[511,514,516,518,520],{"version":512,"is_range":26,"range_type":513,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.0.28","cpe",{"version":515,"is_range":26,"range_type":513,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.7",{"version":517,"is_range":26,"range_type":513,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.9",{"version":519,"is_range":26,"range_type":513,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.12",{"version":521,"is_range":26,"range_type":513,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.5.16",{"ecosystem":523,"name":524,"vendor":525,"product":526,"cpe_part":9,"purl_type":527,"purl_namespace":525,"purl_name":526,"source":9,"versions":528},"Maven","org.apache.tomcat:tomcat","org.apache.tomcat","tomcat","maven",[529],{"version":530,"is_range":40,"range_type":531,"version_start":532,"version_start_type":533,"version_end":534,"version_end_type":535,"fixed_in":9},"gte5_0_0_lt5_5_17","ecosystem","5.0.0","including","5.5.17","excluding"]