CVE-2010-1157 – org.apache.tomcat:tomcat

Package

Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=5.5.0 <5.5.30 || >=6.0.0 <6.0.28

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.17005 pctl0.94724

Details

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Metadata

Created: 2022-05-02T06:19:37Z
Modified: 2022-06-17T22:33:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w6q7-ww2x-7gm3/GHSA-w6q7-ww2x-7gm3.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-w6q7-ww2x-7gm3
Finding: F308
Auto approve: 1