Описание
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| edgy | ignored | end of life, was needed |
| feisty | DNE | |
| gutsy | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| upstream | needs-triage |
Показывать по
10
Ссылки на источники
7.8 High
CVSS2
Связанные уязвимости
nvd
почти 20 лет назад
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
debian
почти 20 лет назад
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not ...
github
больше 3 лет назад
Apache Tomcat allows remote attackers to read JSP source files
7.8 High
CVSS2