Description
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
Remediation
References