CVE-2010-1157
CVE-2010-1157 is a vulnerability of currently unknown severity. Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. EPSS estimates a 52.51% chance of exploitation in the next 30 days.
Description
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 5.5.0 |
| Apache | Tomcat | 5.5.1 |
| Apache | Tomcat | 5.5.2 |
| Apache | Tomcat | 5.5.3 |
| Apache | Tomcat | 5.5.4 |
| Apache | Tomcat | 5.5.5 |
| Apache | Tomcat | 5.5.6 |
| Apache | Tomcat | 5.5.7 |
| Apache | Tomcat | 5.5.8 |
| Apache | Tomcat | 5.5.9 |
| Apache | Tomcat | 5.5.10 |
| Apache | Tomcat | 5.5.11 |
| Apache | Tomcat | 5.5.12 |
| Apache | Tomcat | 5.5.13 |
| Apache | Tomcat | 5.5.14 |
| Apache | Tomcat | 5.5.15 |
| Apache | Tomcat | 5.5.16 |
| Apache | Tomcat | 5.5.17 |
| Apache | Tomcat | 5.5.18 |
| Apache | Tomcat | 5.5.19 |
| Apache | Tomcat | 5.5.20 |
| Apache | Tomcat | 5.5.21 |
| Apache | Tomcat | 5.5.22 |
| Apache | Tomcat | 5.5.23 |
| Apache | Tomcat | 5.5.24 |
| Apache | Tomcat | 5.5.25 |
| Apache | Tomcat | 5.5.26 |
| Apache | Tomcat | 5.5.27 |
| Apache | Tomcat | 5.5.28 |
| Apache | Tomcat | 5.5.29 |
| Apache | Tomcat | 6.0.0 |
| Apache | Tomcat | 6.0.1 |
| Apache | Tomcat | 6.0.2 |
| Apache | Tomcat | 6.0.3 |
| Apache | Tomcat | 6.0.4 |
| Apache | Tomcat | 6.0.5 |
| Apache | Tomcat | 6.0.6 |
| Apache | Tomcat | 6.0.7 |
| Apache | Tomcat | 6.0.8 |
| Apache | Tomcat | 6.0.9 |
| Apache | Tomcat | 6.0.10 |
| Apache | Tomcat | 6.0.11 |
| Apache | Tomcat | 6.0.12 |
| Apache | Tomcat | 6.0.13 |
| Apache | Tomcat | 6.0.14 |
| Apache | Tomcat | 6.0.15 |
| Apache | Tomcat | 6.0.16 |
| Apache | Tomcat | 6.0.17 |
| Apache | Tomcat | 6.0.18 |
| Apache | Tomcat | 6.0.19 |
Showing 50 of 53 affected configurations. See NVD for the full list.
References
- http://secunia.com/advisories/39574 (Vendor Advisory)
- http://secunia.com/advisories/42368 (Vendor Advisory)
- http://secunia.com/advisories/43310 (Vendor Advisory)
- http://tomcat.apache.org/security-5.html (Patch, Vendor Advisory)
- http://tomcat.apache.org/security-6.html (Patch, Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/0980 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/3056 (Vendor Advisory)
Source: NVD / NIST
