VYPR
High severityNVD Advisory· Published Dec 31, 2005· Updated Jun 16, 2026

CVE-2005-4836

CVE-2005-4836

Description

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
>= 4.1.15, <= 4.1.40

Affected products

27
  • Apache/Tomcat26 versions
    cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*+ 25 more
    • cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.28:alpha:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.29:alpha:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:4.1.40:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 4.1.15, <= 4.1.40

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.