CVE-2005-4836

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

Published: Dec 31, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-4836
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
apache / tomcat	4.1.35	4.1.35.x
apache / tomcat	4.1.36	4.1.36.x
apache / tomcat	4.1.21	4.1.21.x
apache / tomcat	4.1.24	4.1.24.x
apache / tomcat	4.1.25	4.1.25.x
apache / tomcat	4.1.39	4.1.39.x
apache / tomcat	4.1.27	4.1.27.x
apache / tomcat	4.1.30	4.1.30.x
apache / tomcat	4.1.18	4.1.18.x
apache / tomcat	4.1.40	4.1.40.x
apache / tomcat	4.1.19	4.1.19.x
apache / tomcat	4.1.28-alpha	4.1.28-alpha.x
apache / tomcat	4.1.31	4.1.31.x
apache / tomcat	4.1.16	4.1.16.x
apache / tomcat	4.1.29	4.1.29.x
apache / tomcat	4.1.22	4.1.22.x
apache / tomcat	4.1.26	4.1.26.x
apache / tomcat	4.1.17	4.1.17.x
apache / tomcat	4.1.33	4.1.33.x
apache / tomcat	4.1.15	4.1.15.x
apache / tomcat	4.1.20	4.1.20.x
apache / tomcat	4.1.23	4.1.23.x
apache / tomcat	4.1.34	4.1.34.x
apache / tomcat	4.1.32	4.1.32.x
apache / tomcat	4.1.37	4.1.37.x
apache / tomcat	4.1.29-alpha	4.1.29-alpha.x

Vulnerability Database

289,599

CVE-2005-4836