CVE-2005-4836

CVE-2005-4836 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:N/A:N

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

Learn more about our Cis Benchmark Audit For Apache Http Server.