GHSA-QRCX-P4RR-G48H Apache Tomcat allows remote attackers to read JSP source files

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...

CVE-2005-4836

CVE-2005-4836 affects Apache Tomcat 4.1.15–4.1.40. The HTTP/1.1 connector may fail to reject NULL bytes in a URL when allowLinking is enabled, enabling a remote attacker to read JSP source files and obtain sensitive information. Multiple connected sources corroborate the same description and clas...