Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1157Sensitive Information Exposure in Apache Tomcat

CWE-200Sensitive Information Exposure9 documents7 sources
Severity
2.6LOWNVD
EPSS
21.7%
top 4.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Tomcat
Timeline
PublishedApr 23
Latest updateMay 2

Description

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat53 versions+52

Patches

Patch: svn.apache.orgPatch: svn.apache.orgPatch: tomcat.apache.org

🔴Vulnerability Details

3
OSV
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat2022-05-02
GHSA
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat2022-05-02
CVEList
CVE-2010-1157: Apache Tomcat 52010-04-23

💥Exploits & PoCs

1
Exploit-DB
Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure2010-04-22

📋Vendor Advisories

1
Red Hat
tomcat: information disclosure in authentication headers2010-04-21

💬Community

3
Bugzilla
CVE-2010-1157 tomcat: information disclosure in authentication headers [fedora-all]2010-04-23
Bugzilla
CVE-2009-2901 CVE-2009-2902 CVE-2009-2693 CVE-2010-1157 tomcat: multiple vulnerabilities [fedora-all]2010-04-23
Bugzilla
CVE-2010-1157 tomcat: information disclosure in authentication headers2010-04-23
CVE-2010-1157 — Sensitive Information Exposure | cvebase