CVE-2010-1157

CVSS V2 Low 2.6 CVSS V3 None
Description
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
Overview
  • CVE ID
  • CVE-2010-1157
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2010-04-23T14:30:01
  • Last Modified Date
  • 2023-02-13T04:17:21
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:H/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • HIGH
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 2.6
  • Severity
  • LOW
  • Exploitability Score
  • 4.9
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://tomcat.apache.org/security-6.html Patch Vendor Advisory
http://tomcat.apache.org/security-5.html Patch Vendor Advisory
http://www.securityfocus.com/bid/39635
http://svn.apache.org/viewvc?view=revision&revision=936540 Patch
http://secunia.com/advisories/39574 Vendor Advisory
http://www.vupen.com/english/advisories/2010/0980 Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=936541 Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
http://www.mandriva.com/security/advisories?name=MDVSA-2010:177
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://marc.info/?l=bugtraq&m=129070310906557&w=2
http://secunia.com/advisories/42368 Vendor Advisory
http://www.vupen.com/english/advisories/2010/3056 Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://secunia.com/advisories/43310 Vendor Advisory
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
http://www.debian.org/security/2011/dsa-2207
http://support.apple.com/kb/HT5002
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/57126
http://marc.info/?l=bugtraq&m=133469267822771&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/archive/1/510879/100/0/threaded
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
History
Created Old Value New Value Data Type Notes
2022-05-10 17:45:45 Added to TrackCVE
2023-02-13 05:03:32 2023-02-13T04:17:21 CVE Modified Date updated