CVE-2010-1157

Severity

3.7

Description

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Related links:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1157

http://tomcat.apache.org/security-5.html

http://tomcat.apache.org/security-6.html

https://svn.apache.org/viewvc?view=revision&revision=936540

https://svn.apache.org/viewvc?view=revision&revision=936541

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1157

Project

Apache Tomcat

Category

n/a

Tags

data

Date Disclosed

2010-04-23

Date Discovered

2010-03-29

Apache Tomcat 6.0.x

First release:

2007-02-28

First release:

2016-12-31

CVEs:

50

Support Lifecycle:

Namespace:

javax

6.0.13 6.0.14 6.0.16 6.0.18 6.0.20 6.0.24 6.0.26

Feel Vulnerable?

Contact us so we can help you.

First name ^*
Last name ^*
Email ^*
Company ^*
Product ^*
Heard about us from: ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.