Apache Tomcat HTTP/1.1 connector is vulnerable to information disclosure. A lack of validation in the URL allows remote attackers to inject NULL bytes and retrieve confidential information through reading of JSP source files when allowLinking
is configured.
CPE | Name | Operator | Version |
---|---|---|---|
tomcat:tomcat4-coyote | le | 4.1.36 | |
tomcat-coyote | le | 4.1.36 | |
catalina | le | 4.1.36 |