Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability Network Vulnerability

Summary

Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the host name or IP address of the Tomcat server. Information harvested may lead to further attacks. The following versions are affected: Tomcat 5.5.0 through 5.5.29 Tomcat 6.0.0 through 6.0.26 Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.

Solution

Updates are available. Please see the references for more information.

References

http://svn.apache.org/viewvc?view=revision&revision=936540
http://svn.apache.org/viewvc?view=revision&revision=936541
http://tomcat.apache.org/
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.securityfocus.com/archive/1/510879
http://www.securityfocus.com/bid/39635

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1157
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

F5 BIG-IP Cookie Persistence
NetScaler web management interface detection
Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
Apache Tomcat Security bypass vulnerability
Appweb Web Server Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities