The HTTP/1.1 connector in Apache Tomcat 4.1.15 up to and including 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote malicious users to read JSP source files and obtain sensitive information.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache tomcat 4.1.35 |
||
apache tomcat 4.1.36 |
||
apache tomcat 4.1.21 |
||
apache tomcat 4.1.24 |
||
apache tomcat 4.1.25 |
||
apache tomcat 4.1.39 |
||
apache tomcat 4.1.27 |
||
apache tomcat 4.1.30 |
||
apache tomcat 4.1.18 |
||
apache tomcat 4.1.40 |
||
apache tomcat 4.1.19 |
||
apache tomcat 4.1.28 |
||
apache tomcat 4.1.31 |
||
apache tomcat 4.1.16 |
||
apache tomcat 4.1.29 |
||
apache tomcat 4.1.22 |
||
apache tomcat 4.1.26 |
||
apache tomcat 4.1.17 |
||
apache tomcat 4.1.33 |
||
apache tomcat 4.1.15 |
||
apache tomcat 4.1.20 |
||
apache tomcat 4.1.23 |
||
apache tomcat 4.1.34 |
||
apache tomcat 4.1.32 |
||
apache tomcat 4.1.37 |
Vulmon