English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.901114
Kategorie:Web Servers
Titel:Apache Tomcat Security bypass vulnerability
Zusammenfassung:Apache Tomcat server is prone to a security bypass vulnerability.
Beschreibung:Summary:
Apache Tomcat server is prone to a security bypass vulnerability.

Vulnerability Insight:
The flaw is caused by 'realm name' in the 'WWW-Authenticate' HTTP header for
'BASIC' and 'DIGEST' authentication that might allow remote attackers to
discover the server's hostname or IP address by sending a request for a resource.

Vulnerability Impact:
Remote attackers can exploit this issue to obtain the host name or IP address
of the Tomcat server. Information harvested may aid in further attacks.

Affected Software/OS:
Apache Tomcat version 5.5.0 to 5.5.29
Apache Tomcat version 6.0.0 to 6.0.26.

Solution:
Upgrade to the latest version of Apache Tomcat 5.5.30 or 6.0.27 or later.

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-1157
20100421 [SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability
http://www.securityfocus.com/archive/1/510879/100/0/threaded
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/516397/100/0/threaded
39574
http://secunia.com/advisories/39574
39635
http://www.securityfocus.com/bid/39635
42368
http://secunia.com/advisories/42368
43310
http://secunia.com/advisories/43310
57126
http://secunia.com/advisories/57126
ADV-2010-0980
http://www.vupen.com/english/advisories/2010/0980
ADV-2010-3056
http://www.vupen.com/english/advisories/2010/3056
APPLE-SA-2011-10-12-3
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
DSA-2207
http://www.debian.org/security/2011/dsa-2207
HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPSBUX02579
http://marc.info/?l=bugtraq&m=129070310906557&w=2
HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
MDVSA-2010:176
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
MDVSA-2010:177
http://www.mandriva.com/security/advisories?name=MDVSA-2010:177
RHSA-2011:0896
http://www.redhat.com/support/errata/RHSA-2011-0896.html
RHSA-2011:0897
http://www.redhat.com/support/errata/RHSA-2011-0897.html
SSRT100203
SSRT100825
SSRT101146
SUSE-SR:2010:017
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
http://support.apple.com/kb/HT5002
http://svn.apache.org/viewvc?view=revision&revision=936540
http://svn.apache.org/viewvc?view=revision&revision=936541
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
oval:org.mitre.oval:def:19492
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492
CopyrightCopyright (C) 2010 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.