Description

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Remediation

References

CVE-2010-1157

Related Vulnerabilities

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23658)

WordPress Plugin YITH WooCommerce Gift Cards Security Bypass (1.3.7)

Moodle CVE-2018-1081 Vulnerability (CVE-2018-1081)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (3.8.7)

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13402)

Severity

Low

Classification

CVE-2010-1157 CWE-200

Tags

Missing Update Known Vulnerabilities