Apache Tomcat Security Bypass Vulnerability Network Vulnerability

Summary

This host is running Apache Tomcat server and is prone to security bypass vulnerability.

Impact

Remote attackers can exploit this issue to obtain the host name or IP address of the Tomcat server. Information harvested may aid in further attacks. Impact Level: Application

Solution

Upgrade to the latest version of Apache Tomcat 5.5.30 or 6.0.27 or later, For updates refer to http://tomcat.apache.org

Insight

The flaw is caused by 'realm name' in the 'WWW-Authenticate' HTTP header for 'BASIC' and 'DIGEST' authentication that might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource.

Affected

Apache Tomcat version 5.5.0 to 5.5.29 Apache Tomcat version 6.0.0 to 6.0.26

References

http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.securityfocus.com/archive/1/510879

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1157
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Appweb Web Server Cross Site Scripting Vulnerability
NetScaler web management interface detection
Several GET locks web server
F5 BIG-IP Cookie Persistence
IIS 5 .printer ISAPI filter applied

Apache Tomcat Security bypass vulnerability

Take action and discover your vulnerabilities