Описание
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| edgy | ignored | end of life, was needed |
| feisty | DNE | |
| gutsy | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| upstream | needs-triage |
Показывать по
10
Ссылки на источники
EPSS
Процентиль: 76%
0.00917
Низкий
7.8 High
CVSS2
Связанные уязвимости
nvd
около 20 лет назад
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
debian
около 20 лет назад
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not ...
github
почти 4 года назад
Apache Tomcat allows remote attackers to read JSP source files
EPSS
Процентиль: 76%
0.00917
Низкий
7.8 High
CVSS2