CVE-2010-1157

Published: 23/04/2010 Updated: 25/03/2019
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 265
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Summary

Apache Tomcat 5.5.0 up to and including 5.5.29 and 6.0.0 up to and including 6.0.26 might allow remote malicious users to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Affected Products

Vendor: Apache
Product: Tomcat
Versions: 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 5.5.26, 5.5.27, 5.5.28, 5.5.29, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.24, 6.0.26

Vendor Advisories

Synopsis: Important: jbossweb security update. Type/Severity: Security Advisory: Important. Topic: An updated jbossweb package that fixes two security issues is now available for JBoss Enterprise Application Platform 4.2 and 4.3 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this ...
Debian Bug report logs - #587447 CVE-2010-1157. Package: tomcat6; Maintainer for tomcat6 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Mon, 28 Jun 2010 17:36:02 UTC. Severity: important. Tags: security. Fixed in version tomcat6/6.0.26-5 ...
IntelligenceCenter uses a version of Tomcat that has several publicly documented vulnerabilities. The most severe vulnerability allows an attacker to mount a denial of service attack or to obtain sensitive information by using a specially crafted header ...
VMSA-2011-0003.2 VMware Security Advisory. Advisory ID: VMSA-2011-0003.2. Synopsis: Third p ...

Exploits

CVE-2010-1157: Apache Tomcat information disclosure vulnerability. Severity: Low. Vendor: The Apache Software Foundation. Versions Affected: Tomcat 6.0.0 to 6.0.26; Tomcat 5.5.0 to 5.5.29. Note: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be affected. Description: The "WWW-Authenticate" header for BASIC and DIGEST authen ...

References

CWE-200

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://marc.info/?l=bugtraq&m=129070310906557&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/39574
http://secunia.com/advisories/42368
http://secunia.com/advisories/43310
http://secunia.com/advisories/57126
http://support.apple.com/kb/HT5002
http://svn.apache.org/viewvc?view=revision&revision=936540
http://svn.apache.org/viewvc?view=revision&revision=936541
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2011/dsa-2207
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
http://www.mandriva.com/security/advisories?name=MDVSA-2010:177
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.securityfocus.com/archive/1/510879/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/39635
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vupen.com/english/advisories/2010/0980
http://www.vupen.com/english/advisories/2010/3056
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492
https://access.redhat.com/errata/RHSA-2010:0584
https://www.rapid7.com/db/vulnerabilities/apple-osx-tomcat-cve-2010-1157
https://nvd.nist.gov
https://www.exploit-db.com/exploits/12343/
http://tools.cisco.com/security/center/viewAlert.x?alertId=20381