Vulnerability Name:

CVE-2005-3510 (CCN-22942)

Assigned: 2005-11-03
Published: 2005-11-03
Updated: 2019-03-25
Summary: Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: CCN
Type: Full-Disclosure Mailing List, Thu Nov 03 2005 - 01:13:04 CST
Apache Tomcat 5.5.x remote Denial Of Service

Source: CONFIRM
Type: UNKNOWN
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx

Source: CCN
Type: CA Security Response Blog, Jan 23 2009, 06:04 PM
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities

Source: MITRE
Type: CNA
CVE-2005-3510

Source: CCN
Type: Apache Jakarta Project Web site
Apache Jakarta Tomcat

Source: CCN
Type: RHSA-2006-0161
RHAPS security and enhancement update

Source: CCN
Type: RHSA-2007-0340
Important: tomcat security update

Source: CCN
Type: RHSA-2007-1069
Moderate: tomcat security update for Red Hat Network Satellite Server

Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2010-0602
Moderate: Red Hat Certificate System 7.3 security update

Source: CCN
Type: SA17416
Apache Tomcat Directory Listing Denial of Service

Source: SECUNIA
Type: Vendor Advisory
17416

Source: CCN
Type: SA30899
Sun Solaris 9 Tomcat Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30899

Source: CCN
Type: SA30908
Sun Solaris 10 Tomcat Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30908

Source: CCN
Type: SA33668
CA Cohesion Application Configuration Manager Apache Tomcat Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
33668

Source: CCN
Type: SECTRACK ID: 1015147
Tomcat Server Lets Remote Users Deny Service By Making Multiple Directory Listing Requests

Source: SECTRACK
Type: Patch, Vendor Advisory
1015147

Source: SUNALERT
Type: UNKNOWN
239312

Source: CCN
Type: Sun Alert ID: 239312
Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10

Source: CCN
Type: ASA-2008-293
Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10 (Sun 239312)

Source: CONFIRM
Type: UNKNOWN
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540

Source: CONFIRM
Type: UNKNOWN
http://tomcat.apache.org/security-4.html

Source: CONFIRM
Type: UNKNOWN
http://tomcat.apache.org/security-5.html

Source: OSVDB
Type: UNKNOWN
20439

Source: CCN
Type: OSVDB ID: 20439
Apache Tomcat Directory Listing Saturation DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0161

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0261

Source: BUGTRAQ
Type: UNKNOWN
20051104 Apache Tomcat 5.5.x remote Denial Of Service

Source: BUGTRAQ
Type: UNKNOWN
20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)

Source: BID
Type: UNKNOWN
15325

Source: CCN
Type: BID-15325
Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2008-1979

Source: VUPEN
Type: UNKNOWN
ADV-2009-0233

Source: XF
Type: UNKNOWN
tomcat-directory-listing-dos(22942)

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/

Source: CCN
Type: CA20090123-01
Security Notice for Cohesion Tomcat

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.11:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:certificate_system:7.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_application_server:2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.opensuse.security:def:20053510
Class: V
Title: CVE-2005-3510
Last Modified: 2017-09-27
    apache tomcat 5.5.0
    apache tomcat 5.5.1
    apache tomcat 5.5.2
    apache tomcat 5.5.3
    apache tomcat 5.5.4
    apache tomcat 5.5.5
    apache tomcat 5.5.6
    apache tomcat 5.5.7
    apache tomcat 5.5.8
    apache tomcat 5.5.9
    apache tomcat 5.5.10
    apache tomcat 5.5.11
    apache tomcat 5.5.4
    apache tomcat 5.5.9
    apache tomcat 5.5.7
    apache tomcat 5.5.0
    apache tomcat 5.5.1
    apache tomcat 5.5.10
    apache tomcat 5.5.11
    apache tomcat 5.5.2
    apache tomcat 5.5.3
    apache tomcat 5.5.5
    apache tomcat 5.5.6
    apache tomcat 5.5.8
    redhat certificate system 7.3
    redhat enterprise linux 3
    sun solaris 9
    redhat enterprise linux 4
    sun solaris 10
    sun solaris 10
    redhat linux advanced workstation 2.1
    redhat enterprise linux 5
    redhat rhel application server 2
    sun solaris 9