Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability

Bugtraq ID: 28483
Class: Design Error
CVE: CVE-2005-4836
Remote: Yes
Local: No
Published: Apr 10 2007 12:00AM
Updated: Mar 27 2008 09:49PM
Credit: Unknown
Vulnerable: Apache Tomcat 4.1.37
Apache Tomcat 4.1.36
Apache Tomcat 4.1.36
Apache Tomcat 4.1.34
Apache Tomcat 4.1.34
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Tomcat 4.1.32
Apache Tomcat 4.1.31
Apache Tomcat 4.1.30
Apache Tomcat 4.1.29
Apache Tomcat 4.1.28
Apache Tomcat 4.1.24
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus