CVE-2005-4836

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

Published Bysecalert@redhat.com

Published DateDec 31, 2005, 05:00

Affected Versions(1)

org.apache.tomcat:tomcat(Maven)

Introduced4.1.15

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.tomcat:tomcat(Maven)	4.1.15	N/A	N/A

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

7.8

Vector String

AV:N/AC:L/Au:N/C:C/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

NONE

Availability (A)

NONE

References

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

7.8

Vector String

AV:N/AC:L/Au:N/C:C/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

NONE

Availability (A)

NONE