Описание
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tomcat4 | no-dsa | sarge | package |
EPSS
Процентиль: 74%
0.00804
Низкий
Связанные уязвимости
ubuntu
почти 20 лет назад
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
nvd
почти 20 лет назад
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
github
больше 3 лет назад
Apache Tomcat allows remote attackers to read JSP source files
EPSS
Процентиль: 74%
0.00804
Низкий