Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability Network Vulnerability

Summary

Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the host name or IP address of the Tomcat server. Information harvested may lead to further attacks. The following versions are affected: Tomcat 5.5.0 through 5.5.29 Tomcat 6.0.0 through 6.0.26 Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.

Solution

Updates are available. Please see the references for more information.

References

http://svn.apache.org/viewvc?view=revision&revision=936540
http://svn.apache.org/viewvc?view=revision&revision=936541
http://tomcat.apache.org/
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.securityfocus.com/archive/1/510879
http://www.securityfocus.com/bid/39635

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1157

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

No 404 check
Apache Tomcat Information Disclosure Vulnerability (Windows)
Webserver 4D Cleartext Passwords
Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
Apache Tomcat Security bypass vulnerability

Take action and discover your vulnerabilities