Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.8
CVE Id CVE-2005-4836
Last Modified 09 Feb 2012 12:00:00
Published 31 Dec 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4836

Summary

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

Vulnerable Systems

Application

  • Apache Tomcat 4.1.15

  • Apache Tomcat 4.1.16

  • Apache Tomcat 4.1.17

  • Apache Tomcat 4.1.18

  • Apache Tomcat 4.1.19

  • Apache Tomcat 4.1.20

  • Apache Tomcat 4.1.21

  • Apache Tomcat 4.1.22

  • Apache Tomcat 4.1.23

  • Apache Tomcat 4.1.24

  • Apache Tomcat 4.1.25

  • Apache Tomcat 4.1.26

  • Apache Tomcat 4.1.27

  • Apache Tomcat 4.1.28

  • Apache Tomcat 4.1.29

  • Apache Tomcat 4.1.3

  • Apache Tomcat 4.1.30

  • Apache Tomcat 4.1.31

  • Apache Tomcat 4.1.32

  • Apache Tomcat 4.1.33

  • Apache Tomcat 4.1.34

  • Apache Tomcat 4.1.35

  • Apache Tomcat 4.1.36

  • Apache Tomcat 4.1.37

  • Apache Tomcat 4.1.38

  • Apache Tomcat 4.1.39

  • Apache Tomcat 4.1.40

  • Apache Tomcat 4.1.9

  • Apache Tomcat 5.0.0

  • Apache Tomcat 5.0.1

  • Apache Tomcat 5.0.10

  • Apache Tomcat 5.0.11

  • Apache Tomcat 5.0.12

  • Apache Tomcat 5.0.13

  • Apache Tomcat 5.0.14

  • Apache Tomcat 5.0.15

  • Apache Tomcat 5.0.16

  • Apache Tomcat 5.0.17

  • Apache Tomcat 5.0.18

  • Apache Tomcat 5.0.19

  • Apache Tomcat 5.0.2

  • Apache Tomcat 5.0.21

  • Apache Tomcat 5.0.22

  • Apache Tomcat 5.0.23

  • Apache Tomcat 5.0.24

  • Apache Tomcat 5.0.25

  • Apache Tomcat 5.0.26

  • Apache Tomcat 5.0.27

  • Apache Tomcat 5.0.28

  • Apache Tomcat 5.0.29

  • Apache Tomcat 5.0.3

  • Apache Tomcat 5.0.30

  • Apache Tomcat 5.0.4

  • Apache Tomcat 5.0.5

  • Apache Tomcat 5.0.6

  • Apache Tomcat 5.0.7

  • Apache Tomcat 5.0.8

  • Apache Tomcat 5.0.9

  • Apache Tomcat 5.5.0

  • Apache Tomcat 5.5.1

  • Apache Tomcat 5.5.10

  • Apache Tomcat 5.5.11

  • Apache Tomcat 5.5.12

  • Apache Tomcat 5.5.13

  • Apache Tomcat 5.5.14

  • Apache Tomcat 5.5.15

  • Apache Tomcat 5.5.16

  • Apache Tomcat 5.5.17

  • Apache Tomcat 5.5.18

  • Apache Tomcat 5.5.19

  • Apache Tomcat 5.5.2

  • Apache Tomcat 5.5.20

  • Apache Tomcat 5.5.21

  • Apache Tomcat 5.5.22

  • Apache Tomcat 5.5.3

  • Apache Tomcat 5.5.4

  • Apache Tomcat 5.5.5

  • Apache Tomcat 5.5.6

  • Apache Tomcat 5.5.7

  • Apache Tomcat 5.5.8

  • Apache Tomcat 5.5.9

  • Apache Tomcat 6.0.9


References

CONFIRM - http://tomcat.apache.org/security-4.html

BID - 28483


Last Updated: 27 May 2016 10:58:06