Apache : Security Vulnerabilities, CVEs, Published In 2005 (Information Leak) CVSS score >= 6
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
Max CVSS
7.8
EPSS Score
0.11%
Published
2005-12-31
Updated
2019-03-25
1 vulnerabilities found