
Test ID: 1.3.6.1.4.1.25623.1.0.100598
Category: Web Servers
Title: Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
Summary: Determine if installed Tomcat version is vulnerable
Description:
Overview:
Apache Tomcat is prone to a remote information-disclosure
vulnerability.

Remote attackers can exploit this issue to obtain the host name or IP
address of the Tomcat server. Information harvested may lead to
further attacks.

The following versions are affected:

Tomcat 5.5.0 through 5.5.29
Tomcat 6.0.0 through 6.0.26

Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.

Solution:
Updates are available. Please see the references for more information.

References:
http://www.securityfocus.com/bid/39635
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/
http://svn.apache.org/viewvc?view=revision&revision=936540
http://svn.apache.org/viewvc?view=revision&revision=936541
http://www.securityfocus.com/archive/1/510879
Cross-Ref: BugTraq ID: 39635
Common Vulnerability Exposure (CVE) ID: CVE-2010-1157
Bugtraq: 20100421 [SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability
http://www.securityfocus.com/archive/1/archive/1/510879/100/0/threaded
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Debian Security Information: DSA-2207
http://www.debian.org/security/2011/dsa-2207
HP Security Advisory: HPSBUX02579
http://marc.info/?l=bugtraq&m=129070310906557&w=2
HP Security Advisory: SSRT100203
HP Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HP Security Advisory: SSRT101146
HP Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
http://www.mandriva.com/security/advisories?name=MDVSA-2010:177
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
SuSE Security Announcement: SUSE-SR:2010:017
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://www.securityfocus.com/bid/39635
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:19492
http://secunia.com/advisories/39574
http://secunia.com/advisories/42368
http://secunia.com/advisories/43310
http://secunia.com/advisories/57126
http://www.vupen.com/english/advisories/2010/0980
http://www.vupen.com/english/advisories/2010/3056
Copyright: This script is Copyright (C) 2010 Greenbone Networks GmbH


© 1998-2014 E-Soft Inc. All rights reserved.