CVE-2005-4836

CVSSv4: NA | CVSSv3: NA | CVSSv2: 7.8 | VMScore: 880 | EPSS: 0.00106 | KEV: Not Included
Published: 31/12/2005 Updated: 21/11/2024

Vulnerability Summary

The HTTP/1.1 connector in Apache Tomcat 4.1.15 up to and including 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote malicious users to read JSP source files and obtain sensitive information.

Vulnerable Product

apache tomcat 4.1.15

apache tomcat 4.1.16

apache tomcat 4.1.17

apache tomcat 4.1.18

apache tomcat 4.1.19

apache tomcat 4.1.20

apache tomcat 4.1.21

apache tomcat 4.1.22

apache tomcat 4.1.23

apache tomcat 4.1.24

apache tomcat 4.1.25

apache tomcat 4.1.26

apache tomcat 4.1.27

apache tomcat 4.1.28

apache tomcat 4.1.29

apache tomcat 4.1.30

apache tomcat 4.1.31

apache tomcat 4.1.32

apache tomcat 4.1.33

apache tomcat 4.1.34

apache tomcat 4.1.35

apache tomcat 4.1.36

apache tomcat 4.1.37

apache tomcat 4.1.39

apache tomcat 4.1.40