This host is running Apache Tomcat server and is prone to security bypass vulnerability.
Remote attackers can exploit this issue to obtain the host name or IP address of the Tomcat server. Information harvested may aid in further attacks. Impact Level: Application
Upgrade to the latest version of Apache Tomcat 5.5.30 or 6.0.27 or later, For updates refer to http://tomcat.apache.org
The flaw is caused by 'realm name' in the 'WWW-Authenticate' HTTP header for 'BASIC' and 'DIGEST' authentication that might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource.
Apache Tomcat version 5.5.0 to 5.5.29 Apache Tomcat version 6.0.0 to 6.0.26
- Several GET locks web server
- Appweb Web Server Cross Site Scripting Vulnerability
- Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
- Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
- Mini Web Server Cross Site Scripting and Directory Traversal Vulnerabilities