What is the severity of CVE-2005-4836?

CVE-2005-4836 has a medium severity rating due to the potential for unauthorized access to sensitive information.

How do I fix CVE-2005-4836?

To fix CVE-2005-4836, upgrade Apache Tomcat to version 4.1.41 or later.

What versions of Apache Tomcat are affected by CVE-2005-4836?

CVE-2005-4836 affects Apache Tomcat versions 4.1.15 through 4.1.40.

What types of attacks does CVE-2005-4836 enable?

CVE-2005-4836 enables remote attackers to read JSP source files through crafted URLs with NULL bytes.

Is CVE-2005-4836 related to URL handling in Apache Tomcat?

Yes, CVE-2005-4836 is specifically related to improper handling of NULL bytes in URLs by the HTTP/1.1 connector.

Vulnerability/
CVE-2005-4836

high

7.8

CWE

200

31/12/2005

9/5/2007

1/5/2022

8/8/2024

CVE-2005-4836: Infoleak

First published: Sat Dec 31 2005(Updated: )

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
maven/org.apache.tomcat:tomcat	>=4.1.15<=4.1.40
Tomcat	=4.1.15
Tomcat	=4.1.16
Tomcat	=4.1.17
Tomcat	=4.1.18
Tomcat	=4.1.19
Tomcat	=4.1.20
Tomcat	=4.1.21
Tomcat	=4.1.22
Tomcat	=4.1.23
Tomcat	=4.1.24
Tomcat	=4.1.25
Tomcat	=4.1.26
Tomcat	=4.1.27
Tomcat	=4.1.28-alpha
Tomcat	=4.1.29
Tomcat	=4.1.29-alpha
Tomcat	=4.1.30
Tomcat	=4.1.31
Tomcat	=4.1.32
Tomcat	=4.1.33
Tomcat	=4.1.34
Tomcat	=4.1.35
Tomcat	=4.1.36
Tomcat	=4.1.37
Tomcat	=4.1.39
Tomcat	=4.1.40

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-4836?
CVE-2005-4836 has a medium severity rating due to the potential for unauthorized access to sensitive information.
How do I fix CVE-2005-4836?
To fix CVE-2005-4836, upgrade Apache Tomcat to version 4.1.41 or later.
What versions of Apache Tomcat are affected by CVE-2005-4836?
CVE-2005-4836 affects Apache Tomcat versions 4.1.15 through 4.1.40.
What types of attacks does CVE-2005-4836 enable?
CVE-2005-4836 enables remote attackers to read JSP source files through crafted URLs with NULL bytes.
Is CVE-2005-4836 related to URL handling in Apache Tomcat?
Yes, CVE-2005-4836 is specifically related to improper handling of NULL bytes in URLs by the HTTP/1.1 connector.

collector/github-advisory-latest
alias/GHSA-qrcx-p4rr-g48h
alias/CVE-2005-4836
collector/github-advisory
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/author
agent/weakness
agent/severity
agent/event
agent/description
agent/trending
agent/source
agent/tags
collector/nvd-cve
agent/software-canonical-lookup-request
collector/nvd-api
collector/nvd-index
collector/nvd-historical
package-manager/maven
vendor/apache
canonical/tomcat
version/tomcat/4.1.15
version/tomcat/4.1.16
version/tomcat/4.1.17
version/tomcat/4.1.18
version/tomcat/4.1.19
version/tomcat/4.1.20
version/tomcat/4.1.21
version/tomcat/4.1.22
version/tomcat/4.1.23
version/tomcat/4.1.24
version/tomcat/4.1.25
version/tomcat/4.1.26
version/tomcat/4.1.27
version/tomcat/4.1.28-alpha
version/tomcat/4.1.29
version/tomcat/4.1.29-alpha
version/tomcat/4.1.30
version/tomcat/4.1.31
version/tomcat/4.1.32
version/tomcat/4.1.33
version/tomcat/4.1.34
version/tomcat/4.1.35
version/tomcat/4.1.36
version/tomcat/4.1.37
version/tomcat/4.1.39
version/tomcat/4.1.40