CVE-2006-3835
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
Date published : 2006-07-24
http://www.securityfocus.com/bid/19106
http://www.securityfocus.com/archive/1/468048/100/0/threaded