Computer Security


Apache Tomcat information leak
Published: 23.04.2010
Source:
SecurityVulns ID: 10784
Type: remote
Threat Level: 3/10
Description: Internal computer name and port may be used as a realm name for HTTP basic authentication.
Affected: APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE: CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.)
Original document: APACHE, [SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability (23.04.2010)
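
A check for the behaviour described in the CVE entry, as an added example that is not part of the original advisory: it parses WWW-Authenticate values collected from your own servers and reports BASIC or DIGEST realms that have the host:port shape. The function names and the sample headers are constructed for illustration.

```python
import ipaddress
import re

# One challenge per header value; only the two schemes named in the CVE text.
_CHALLENGE = re.compile(r'^\s*(Basic|Digest)\b(.*)$', re.I | re.S)
_REALM = re.compile(r'\brealm\s*=\s*"((?:[^"\\]|\\.)*)"', re.I)
# A realm that is nothing but host:port (hostname, IPv4, or bracketed IPv6).
_HOST_PORT = re.compile(r'^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(\d{1,5})$')


def classify(host):
    """Label the host part as a hostname, a private IP or another IP."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "hostname"
    return "private-ip" if ip.is_private else "ip"


def realm_leak(header_value):
    """Return (scheme, host, port, kind) if the realm is host:port, else None."""
    challenge = _CHALLENGE.match(header_value)
    if not challenge:
        return None
    realm = _REALM.search(challenge.group(2))
    if not realm:
        return None
    host_port = _HOST_PORT.match(realm.group(1).strip())
    if not host_port or not 0 < int(host_port.group(2)) < 65536:
        return None
    host = host_port.group(1)
    return (challenge.group(1).capitalize(), host,
            int(host_port.group(2)), classify(host))


def scan(header_values):
    """Collect findings for a list of WWW-Authenticate header values."""
    return [hit for hit in map(realm_leak, header_values) if hit]


# Constructed sample values, not captured from any real server.
SAMPLE_HEADERS = [
    'Basic realm="app01.corp.example:8080"',
    'Digest realm="10.0.3.17:8443", qop="auth", nonce="constructed"',
    'Basic realm="Customer Portal"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_HEADERS):
        print(finding)
```

A finding means the application did not declare its own realm; setting an explicit `<realm-name>` in the `<login-config>` element of its web.xml replaces the host:port value in the header.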

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod