CVE-2005-4836
CVE-2005-4836 is a high-severity vulnerability in Apache Tomcat with a CVSS 2.0 base score of 7.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-200.
Key facts
- Severity: High (CVSS 2.0 base score 7.8)
- EPSS exploit prediction: 4% (88th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-200
- Affected product: Apache Tomcat
- Published:
- Last modified:
Description
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
Frequently asked questions
- What is CVE-2005-4836?
- The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
- How severe is CVE-2005-4836?
- CVE-2005-4836 has a CVSS 2.0 base score of 7.8, rated high severity.
- Is CVE-2005-4836 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 4% (88th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-4836?
- CVE-2005-4836 primarily affects Apache Tomcat. In total, 26 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2005-4836?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2005-4836 published?
- CVE-2005-4836 was published on 2005-12-31 and last updated on 2026-06-16.
References
- http://tomcat.apache.org/security-4.html
- http://www.securityfocus.com/bid/28483
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Affected products (26)
- cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.28:alpha:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.29:alpha:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:4.1.40:*:*:*:*:*:*:*
More vulnerabilities in Apache Tomcat
- CVE-2026-43512 — Critical (CVSS 9.8): DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects…
- CVE-2026-41293 — Critical (CVSS 9.8): Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through…
- CVE-2025-31651 — Critical (CVSS 9.8): Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely…
- CVE-2025-24813 — Critical (CVSS 9.8): Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or…
- CVE-2024-56337 — Critical (CVSS 9.8): Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat:…
- CVE-2024-50379 — Critical (CVSS 9.8): Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE…
All CVEs affecting Apache Tomcat →
Other CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) vulnerabilities
- CVE-2026-27604 — Critical (CVSS 10.0): FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version…
- CVE-2026-40965 — Critical (CVSS 10.0): Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a…
- CVE-2026-42826 — Critical (CVSS 10.0): Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose…
- CVE-2025-29270 — Critical (CVSS 10.0): Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows…
- CVE-2025-61481 — Critical (CVSS 10.0): An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by…
- CVE-2025-53624 — Critical (CVSS 10.0): The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user.…
Browse all CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) vulnerabilities →