FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-1157

This CVE name corresponds to:

Entered Topic
2010-04-24 tomcat -- information disclosure vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-1157
Phase Assigned (20100329)

Description

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

References

Source Reference
BUGTRAQ 20100421 [SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability
BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
CONFIRM http://tomcat.apache.org/security-5.html
CONFIRM http://tomcat.apache.org/security-6.html
CONFIRM http://svn.apache.org/viewvc?view=revision&revision=936540
CONFIRM http://svn.apache.org/viewvc?view=revision&revision=936541
CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html
CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
CONFIRM http://support.apple.com/kb/HT5002
APPLE APPLE-SA-2011-10-12-3
DEBIAN DSA-2207
HP HPSBUX02579
HP SSRT100203
HP HPSBUX02860
HP SSRT101146
HP HPSBST02955
MANDRIVA MDVSA-2010:176
MANDRIVA MDVSA-2010:177
REDHAT RHSA-2011:0896
REDHAT RHSA-2011:0897
SUSE SUSE-SR:2010:017
BID 39635
OVAL oval:org.mitre.oval:def:19492
SECUNIA 39574
SECUNIA 42368
SECUNIA 43310
SECUNIA 57126
VUPEN ADV-2010-0980
VUPEN ADV-2010-3056