CVE-2005-4836 — Apache Tomcat allows remote attackers to read JSP source files

Description

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

How to fix CVE-2005-4836

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

Maven/org.apache.tomcat:tomcat—no fix listed

Is CVE-2005-4836 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 4.1.15, <= 4.1.40

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2005-4836
WEBlists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
WEBlists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E