Description

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Remediation

References

CVE-2010-1157

Related Vulnerabilities

Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.20)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.3)

PHP Resource Management Errors Vulnerability (CVE-2010-1861)

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)

Oracle JRE CVE-2019-2983 Vulnerability (CVE-2019-2983)

Severity

Low

Classification

CVE-2010-1157 CWE-200

Tags

Missing Update Known Vulnerabilities