Vulnerability Description
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 5.5.0 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://marc.info/?l=bugtraq&m=129070310906557&w=2
- http://marc.info/?l=bugtraq&m=133469267822771&w=2
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/39574 (Vendor Advisory)
- http://secunia.com/advisories/42368 (Vendor Advisory)
- http://secunia.com/advisories/43310 (Vendor Advisory)
- http://secunia.com/advisories/57126
- http://support.apple.com/kb/HT5002
- http://svn.apache.org/viewvc?view=revision&revision=936540 (Patch)
- http://svn.apache.org/viewvc?view=revision&revision=936541 (Patch)
- http://tomcat.apache.org/security-5.html (Patch, Vendor Advisory)
- http://tomcat.apache.org/security-6.html (Patch, Vendor Advisory)
FAQ
What is CVE-2010-1157?
CVE-2010-1157 is a vulnerability with a CVSS score of 2.6 (LOW). Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or ...
How severe is CVE-2010-1157?
CVE-2010-1157 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-1157?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.