Summary
This host is running Apache Tomcat server and is prone to a security bypass vulnerability.
Impact
Remote attackers can exploit this issue to obtain the host name or IP address of the Tomcat server. Information harvested may aid in further attacks.
Impact Level: Application
Solution
Upgrade to Apache Tomcat 5.5.30, 6.0.27, or later. For updates, refer to http://tomcat.apache.org
Insight
The flaw is caused by the 'realm name' in the 'WWW-Authenticate' HTTP header for 'BASIC' and 'DIGEST' authentication, which might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource.
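A check for the disclosure described above, written as an added example (not part of the original advisory or of Tomcat): it parses captured 'WWW-Authenticate' values and flags a realm that exposes a host name or IP address the client did not already use. The function names and the sample headers are constructed, and the check assumes a leaked realm has the shape host:port.

```python
import ipaddress
import re

# realm="..." parameter inside a BASIC or DIGEST challenge (quoted-string).
REALM_RE = re.compile(r'\brealm\s*=\s*"((?:[^"\\]|\\.)*)"', re.IGNORECASE)
# Assumed shape of a leaked realm: hostname, IPv4, or [IPv6], then :port.
HOSTPORT_RE = re.compile(r'^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(\d{1,5})$')


def realm_of(challenge):
    """Return the unescaped realm from one WWW-Authenticate value, or None."""
    m = REALM_RE.search(challenge)
    return re.sub(r'\\(.)', r'\1', m.group(1)) if m else None


def classify_realm(challenge, requested_host):
    """Return 'no-realm', 'ok', 'leaks-ip' or 'leaks-hostname'.

    requested_host is the name (without port) the client put in its request;
    a realm that only repeats it discloses nothing new.
    """
    realm = realm_of(challenge)
    if realm is None:
        return "no-realm"
    m = HOSTPORT_RE.match(realm.strip())
    if not m or not 0 < int(m.group(2)) <= 65535:
        return "ok"                      # descriptive realm, not host:port
    host = m.group(1).strip("[]")
    if host.lower() == requested_host.lower():
        return "ok"
    try:
        ipaddress.ip_address(host)
        return "leaks-ip"
    except ValueError:
        return "leaks-hostname"


# Constructed sample responses: (requested host, WWW-Authenticate value).
SAMPLES = [
    ("www.example.test", 'Basic realm="Authentication required"'),
    ("www.example.test", 'Basic realm="10.0.3.17:8080"'),
    ("www.example.test", 'Digest realm="tc-node-07.corp.internal:8080", qop="auth"'),
    ("www.example.test", 'Basic realm="www.example.test:80"'),
]

if __name__ == "__main__":
    for host, header in SAMPLES:
        print(f"{classify_realm(header, host):15} {header}")
```

A descriptive realm that happens to look like word:number would be flagged as a hostname, so treat findings as candidates for review.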
Affected
Apache Tomcat version 5.5.0 to 5.5.29
Apache Tomcat version 6.0.0 to 6.0.26
Severity
Classification
CVE: CVE-2010-1157
CVSS Base Score: 2.6
CVSS Base Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N